OSEC

From: Security Coordinator (securityaptusventures.com)
Date: Wed Jan 30 2002 - 12:28:51 CST

    > Developers should have access only to production systems
    > Testing group should have access only to staging/testing systems
    > No internet/external access to production nor staging systems.
    >
    > The objective is to protect the production site, i.e. the business.
    >
    Yeah, but I've set up a number of web app development groups and I can't
    think of a single instance where remote people didn't need enough access to
    review work that was up on the testing systems. And it's usually not really
    practical to enforce some sort of secure access (VPN etc.) in every case.
    Usually it's the "Oh no, the VP of Marketing needs access in 1 hour from <some
    random place>". It's always best to consider the final QC/test system as
    having identical security requirements to the production system. Larger
    organizations with entirely internal staff and a lot of infrastructure would
    of course be different.

    Personally I'd most like to see system vendors providing systems that can be
    set up with several possible "security profiles" out of the box (not that one
    should entirely trust any such thing, but at least it would be a starting
    point). That would at least let an admin install a machine with the "webapp
    server profile" and have a good base from which to secure the machine without
    having to worry too much about getting rid of useless subsystems, etc.