On Wed, Nov 23, 2011 at 11:24 AM, Scott Barnes <[email protected]> wrote:
> See, I'm not buying that :)
> Risk matrix - Consequences vs Likelihood.
> Questions - Why are developers working with production grade data (customers'
> info etc). Shouldn't that be partitioned off into a more secure locked down
> release area only. Developers working with "Foo Jones" is imho the counter
> pill to the aforementioned claim.
> Placing the developer pool in their own DMZ sandbox imho is also the way
> forward, so if they are compromised it's contained and all data etc should be
> test data that doesn't include sensitive information.
> IP getting stolen? There's a million ways to bypass a locked down machine to
> get the data in/out ..if someone were to expose the code base or documents
> it first is likely they are moving data outside the confines of the said PC
> and secondly are likely to screw up no matter how much Sys Admin nannying is
> in place.
> In all honesty, I think Sys Admins today really need to rein in their
> approach to making the zen-like perfectly secure network. Devs need more
> room to play in, so provide them with a sandbox to play in and look instead
> into ways of emulating the network solutions they are built for than just
> declaring SOE war.
> Having spent a few tours in GOVT, it's like the Sys Admins are still reading
> their "How to prevent virus attacks on Windows NT 4.0" playbooks.

Hah govt - spent some time there and it was a joke to say the least. No Internet access at all in some departments. Well done govt, that's what I call productivity for devs!

> Didn't Suncorp recently adopt the "bring your own pc to work" philosophy?

As with all things we need to have some balance

>
> ---
> Regards,
> Scott Barnes
> http://www.riagenic.com
>
>
> On Sat, Nov 19, 2011 at 12:06 AM, Ken Schaefer <[email protected]> wrote:
>>
>> On the other hand, you just head over to the sysadmin lists and see the
>> admins complaining about how much time is consumed supporting developers who
>> get their machines compromised or otherwise borked. Putting unauthorised
>> networks into an environment is a huge no-no in my book. Most developers do
>> not have the skills or the knowledge to secure a network, let alone know
>> what regulatory/audit requirements the business has. Then, if there is a
>> compromise and corporate IP is stolen, customer information stolen etc. due
>> to ingress via an unauthorized network, who is going to take the rap?
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]]
>> On Behalf Of Arjang Assadi
>> Sent: Friday, 18 November 2011 5:00 PM
>> To: ozDotNet
>> Subject: Re: [Friday OT] unstoppable force meets an immovable object,
>>
>> On 18 November 2011 19:47, Les Hughes <[email protected]> wrote:
>> > Get a rogue box on the network with VMWare and set up a shadow
>> > network. A wireless router can also help if the wired network is a
>> > little discriminatory.
>> >
>> > Fight the power!
>>
>> Brilliant!
>>
>> That's the voice of a true programmer being an unstoppable force talking,
