Re: General security issues

From: Robert Moir (bofh_at_mvps.org)
Date: 12/06/03 

Date: Fri, 5 Dec 2003 23:39:48 -0000

Doug wrote:

>> Thanks for the info. We are county government. I will
> not be the person responsible to implement/manage the
> server. We have an IT person on staff that will manage
> the server. My questions come because I will be
> helping/support the financial/pr applications. One of my
> main concerns is response and security on the server.

You can buy a big enough server to do most things if the budget is big
enough and the person with signing authority generous enough so we'll put
the server "sizing" issue to one side.

As for security... I am personally always uncomfortable with something
facing the web and being a mail LAN server for the simple reason that, well,
everything is a compromise and this is too big a compromise for me; LAN file
servers need things to be relatively open, at least to some degree. Apps
frequently have their own strange requirements that can compromise security
or at the very least, complicate it immensely.

Web servers/web facing email servers on the other hand need things to be
locked down as tight as possible. No debate. No question about that one, is
there? So the problem for me is that the needs for your two kinds of task
are too far apart to be ideally done on the same server.

Another downside is that putting everything on one server increases the
scope for interuption to services. For example, with just the one server, if
you have a "For hecks sake apply it right now" security patch for the web or
email service that just won't wait, you'll be disrupting the line of
business, which won't be popular with the users trying to close the accounts
and balance the books urgently "by close of business today". 

-- 
-- 
Rob Moir
Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Relevant Pages