sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Best practice?
Posted by: Cagekicker
Date: January 14, 2009 10:50PM

I am trying to figure out what the best practice is regarding computers that are used for website development in a "secure" network.

They have a lot of Adobe products and other development tools on them. The users that utilize these have to have administrative rights on these computers, and you know how code junkies love to play and test things... So, I'm curious as to whether best practice would be to make them stand-alone boxes off the network, a lab environment or what would you suggest?

I've been doing searches for this, but so far have mainly brought up web application security best practices and haven't had much luck on what would be best for the computers themselves.

Anyone able to assist in providing guidance or a good place to get this information would be greatly appreciated!

--------------------------------------------------------
Regarding gun carry laws: I'd rather be judged by 12 than carried by six...



Edited 1 time(s). Last edit at 01/14/2009 10:51PM by Cagekicker.

Re: Best practice?
Posted by: Matt Presson
Date: January 15, 2009 09:02AM

If you are concerned about the developers having too much power with the devices and what they could do to other machines on the network, put them in a lab on a different subnet with ACLs on the router/switch constraining where they can go. Secondly, protect the ACLs on the router/switch by specifying that only a select group of IPs can access the admin ports of the router/switch to change the ACLs. Obviously, these IPs would need to be outside of the subnet you are giving to the devs. You could even place their test servers in the lab too if that is any concern.

In this manner, you segregate the parts that you do not trust and can hopefully sleep (at least a little better) at night.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

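The two rules from Matt Presson's reply above (constrain where the lab subnet can go, and keep the router/switch admin sources outside that subnet), written as an added example that is not part of the original thread: a Python audit of a lab ACL plan. Every address, port and the first-match ACL model are constructed assumptions, not values from the thread.

```python
import ipaddress as ip

# Constructed addressing plan; every address and port below is an assumption.
DEV_LAB = ip.ip_network("10.20.30.0/24")         # subnet handed to the developers
ROUTER_MGMT_IP = "10.0.0.1"                      # admin interface of the router/switch
ADMIN_PORTS = (22, 443)                          # SSH and HTTPS management
MGMT_SOURCES = ["10.0.5.10/32", "10.0.5.11/32"]  # hosts allowed to change the ACLs

# First-match ACL for traffic leaving the lab: (action, source, destination, port).
# A port of None means any port. Anything unmatched is denied.
LAB_ACL = [
    ("permit", "10.20.30.0/24", "10.0.8.25/32", 443),   # hypothetical code repository
    ("deny",   "10.20.30.0/24", "10.0.0.0/8",   None),  # everything else internal
    ("permit", "10.20.30.0/24", "0.0.0.0/0",    443),   # outbound HTTPS
]

def evaluate(acl, src, dst, port):
    """Return the action of the first rule matching the flow, else implicit deny."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in acl:
        if (s in ip.ip_network(rule_src) and d in ip.ip_network(rule_dst)
                and rule_port in (None, port)):
            return action
    return "deny"

def audit(acl, lab, mgmt_sources, router_ip, admin_ports):
    """List violations of the two segmentation rules described in the post."""
    findings = []
    # Rule 1: admin sources must sit outside the developers' subnet.
    for src in mgmt_sources:
        if ip.ip_network(src).overlaps(lab):
            findings.append(f"management source {src} is inside lab {lab}")
    # Rule 2: no lab host may reach the admin ports of the router/switch.
    for port in admin_ports:
        reachable = [h for h in lab.hosts()
                     if evaluate(acl, str(h), router_ip, port) == "permit"]
        if reachable:
            findings.append(f"{len(reachable)} lab hosts can reach {router_ip}:{port}")
    return findings

if __name__ == "__main__":
    result = audit(LAB_ACL, DEV_LAB, MGMT_SOURCES, ROUTER_MGMT_IP, ADMIN_PORTS)
    for line in result or ["plan OK"]:
        print(line)
```

Swapping the last two rules of `LAB_ACL` shows why rule order matters in a first-match ACL: the broad outbound HTTPS permit then matches the router's admin interface before the internal deny does.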
Re: Best practice?
Posted by: Cagekicker
Date: January 15, 2009 11:14AM

Never mind, I think I found what I was looking for buried deep within the confines of our policies. :)

--------------------------------------------------------
Regarding gun carry laws: I'd rather be judged by 12 than carried by six...

Re: Best practice?
Posted by: id
Date: January 15, 2009 01:00PM

I agree with Matt, that's best practice, and you also need policies about moving code and data around if those are concerns.

Of course they should also probably be VMware boxes you can just reimage once the devs fuck something up, cuz you know they will...

-id

Re: Best practice?
Posted by: Cagekicker
Date: January 15, 2009 01:52PM

Yes, that's what I found in policy was stuff along the same lines. :)
Thanks for the clarification, guys! :)

--------------------------------------------------------
Regarding gun carry laws: I'd rather be judged by 12 than carried by six...

Re: Best practice?
Posted by: thrill
Date: February 01, 2009 01:42PM

I would say just shoot all developers.. imagine how much faster your network would be without them.. ;)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Best practice?
Posted by: Cagekicker
Date: February 17, 2009 06:01PM

Tried that, didn't work out so well. :)

--------------------------------------------------------
Regarding gun carry laws: I'd rather be judged by 12 than carried by six...
