Re: Question regarding best practices?
From: Leythos (void_at_nowhere.com)
Date: 02/03/04
- Next message: gv: "cell modem networks, routable IP?"
- Previous message: Erin: "Re: firewalls that can ssl ftp?"
- In reply to: Joe Finsterwald: "Question regarding best practices?"
- Next in thread: Lassi Hippeläinen : "Re: Question regarding best practices?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 03 Feb 2004 17:32:34 GMT
In article <682cfaf1.0402030836.79833bb5@posting.google.com>,
jfinsterwald@hcri.harvard.edu says...
> Hello,
>
> My question is related to best practices. In particular, my question
> is directed toward Microsoft Sys Admins. I work as a dotnet developer
> in a Microsoft shop. I pretty much do most of my development on a
> laptop. Because I develop asp.net applications I have iis, vs.net,
> and sql server 2000 installed on my machine. Recently, my sys admin
> announced that laptops would no longer be permitted to have iis
> installed. This is kind of a downer given that I do a lot of
> development off-line when I'm off site.
>
> I spoke with my systems administrator about the new policy and he told
> me that this is standard practice. That iis installed on a laptop is
> a potential security hole.
>
> My question/questions: Is this true? If so how is this true?
This is sort of true - developers stand in their own security zones,
meaning that developers have more tools/services that can be attacked
than standard "office" type users.
In my development centers we install a firewall application on every
laptop, Tiny works for us. This means that each laptop user can do
anywhere and be protected from uninvited guests.
We also enforce corporate wide antivirus installs on every machine and
mandatory updates.
Developing on a laptop is a PITA, but I do it from my laptop all the
time and I travel the country too - never been hacked so far (20+
years).
What I would suggest is that you have your Admin install a firewall app
on your computer, ensure that IIS ports (80/443) and SQL ports
(1433/1434) are closed to ALL INBOUND (as well as many others) and then
let you keep working without uninstalling IIS.
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
- Next message: gv: "cell modem networks, routable IP?"
- Previous message: Erin: "Re: firewalls that can ssl ftp?"
- In reply to: Joe Finsterwald: "Question regarding best practices?"
- Next in thread: Lassi Hippeläinen : "Re: Question regarding best practices?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
