Re: General security issues
From: Chuck (none_at_example.com)
Date: 12/06/03
- Next message: SBU Team [MSFT]: "Re: Windows Update <=> Microsoft Security Bulletin"
- Previous message: SBU Team [MSFT]: "Re: Installing a webserver"
- In reply to: Doug: "Re: General security issues"
- Next in thread: Doug: "Re: General security issues"
- Reply: Doug: "Re: General security issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 5 Dec 2003 17:24:09 -0600
On Fri, 5 Dec 2003 12:12:28 -0800, "Doug"
<anonymous@discussions.microsoft.com> wrote:
>>Thanks for the info. We are county government. I will
>not be the person responsible to implement/manage the
>server. We have an IT person on staff that will manage
>the server. My questions come because I will be
>helping/support the financial/pr applications. One of my
>main concerns is response and security on the server.
OK, Doug,
You're application support, and you'll be supporting an application
running on a server provided and maintained by IT.
Concerns off the top of my head (amended):
1) Server patch management. Will you be involved in server patch
management? Microsoft patches have been known to break applications
running on servers. Will there be a patch testing, approval, and
rollback process?
2) Application security. Will you use Active Directory, will the
application be AD aware, or will it have its own authentication /
authorisation mechanism?
3) Data backup. Will you depend upon backup support from IT, or will
you be responsible for that?
4) Application Support. Is the application being developed in-house,
is it a custom job by an outside firm, or is it "shrinkwrap" off the
shelf?
5) Server Resources. You'll be sharing a server with email and file
sharing (internet eventually?). Application, email, and file sharing
each place a different load and instability risk on a server. Does
your government agency have a good security policy to deal with
internal and external technological threats? If your application gets
trashed by a file sharing or internet originated virus or worm, will
you be responsible?
6) Server Access - Physical and Logical. The server will be owned
and supported by IT. Will there be good controls re physical and
logical access to a) Identify past access in case of a problem, b)
Limit future access to prevent problems. Will you have the access
needed to do your job?
7) Desktop Support Needs. You'll be supporting an application which
will have desktop involvement. Will you support the application on
the desktop, if not, how will the support responsibility (desktop /
server) be delineated? How easily will the desktop portion of your
application integrate with the desktop platform as a whole?
Cheers,
Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
- Next message: SBU Team [MSFT]: "Re: Windows Update <=> Microsoft Security Bulletin"
- Previous message: SBU Team [MSFT]: "Re: Installing a webserver"
- In reply to: Doug: "Re: General security issues"
- Next in thread: Doug: "Re: General security issues"
- Reply: Doug: "Re: General security issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
