[dba-Tech] Server Hardening? Really?

Tydda Jon - Lonza Slough jon.tydda at lonza.com
Wed Mar 6 02:25:32 CST 2013


At my current work, once you're in via the VPN or remote accessing with RSA tokens, you can do anything.

At my last place, you logged on from home to a DMZ, where you had remote control of a server which could then access things within the network if you had the privileges. There are various ways of doing it...


Jon

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Dan Waters
Sent: 05 March 2013 17:20
To: 'Discussion of Hardware and Software issues'
Subject: [dba-Tech] Server Hardening? Really?

One of my customers is a subsidiary of a larger company.  That company has contracted with Computer Services Company (CSC) to provide computer and network services.  (CSC was recently fired by the US Air Force for not fulfilling a contract to provide a large software system.)



At my customer, CSC is doing what they call 'server hardening'.  A consequence of this is that remote desktop access is no longer allowed - so I can no longer directly update or maintain the system I've built for them.  Even my customer's employees have lost their remote access to this server.  I have yet to figure out how to make this work.  BTW, the folks at my customer have been infuriated by CSC's actions for a couple of years now and they are angrier than I am.



So, I'd like to ask everyone if you believe that preventing remote desktop access is appropriate for server hardening.  Or, what steps could be done to provide equivalently secure remote access?





Thanks!

Dan Waters


