|
Posted by Al Dunbar on July 25, 2007, 2:52 pm
Please log in for more thread options
>I have recently been given charge of the server group at our company.
>Since
> I am from the application side there are certain pratices that I am not
> familiar with. One of these is the practice of remaining continuously
> logged
> in to servers.
Are these remote desktop sessions, or are people logged in directly to the
server console? Are they actually working on something (and if so what is
it), or do they just make a habit of logging in and staying in?
When they are logged in, do they leave the keyboard without locking the
workstation or server?
> In previous companies I was lead to believe that this was not
> acceptable and poses a security risk.
There are other reasons that would suggest it is not a good practice, some
in the operational area.
Recently I needed to shutdown the domain controller at our site before a
planned power outage and found that a domain admin was logged on remotely
(from two time zones away!). Not being a domain admin myself, I could not
log him out, or do any kind of a graceful shutdown without being able to
logon. I was able to track him down by phone, but never did find out what he
was logged in for.
> Can anyone here point me to
> documentation that logging off servers is part of best pratices? Or that
> it
> is OK to keep administrator level users continuously logged in to servers?
Servers and administrator accounts are powerful tools that, according to the
theory of least privilege, should be used only when absolutely necessary. I
think this is so obviously a best practice that that may be why it is
difficult to find it written down anywhere...
> Thanks for your input.
I wish I could point you to such documentation, but I do not know of any.
The way I would approach it is this: what are the benefits of remaining
logged in, and are there other ways of getting those benefits? If the
benefit is being able to do some ad-hoc admin stuff without having to enter
one's password first, I would suggest that the person must not be locking
the computer, and that is a definite problem. Sending these people on some
security courses might straighten them out.
The onus should not be on you to prove that the practice is potentially
dangerous or inadvisable. Ask those defending this practice to show you the
analysis they have done that shows it to be perfectly safe under all
reasonable circumstances.
A server is a critically important resource for all users, so should be used
directly as sparingly as possible, preferably only for those tasks that
cannot be reasonably done from a remote workstation. This is not just a
security issue, but a realistic technical issue. The more often a windows
system is used interactively, the more often it may need to be rebooted.
Being able to do admin work from any workstation also makes the admins more
efficient.
You say you are in charge of the server group. Are you simply the supervisor
of the staff from an HR perspective? Or does this give you the authority to
develop operational guidelines? If the latter, then I would recommend you
continue pursuing this. But rather than just trying to force the issue, I
would suggest you work with the rest of your group to find more effective
ways to do what they are supposed to be doing.
/Al
| 
XML Sitemap