April 25, 2001, 1:27 PM — This has been a rough week. It all started when I decided that I needed to lock down administrative access to our production network. Unfortunately, all didn't go according to plan.
My company's hosted application lives on approximately 50 servers that reside in a data center on the other side of town. Our production environment is considered critical; therefore, administrative access to these machines must be strictly controlled.
However, prior to my arrival at the company, everyone from the remote sales offices to the corporate marketing department had direct administrative access to the production environment. This was unsatisfactory, as only about 25 employees need access to this environment. I had no doubt that unrestricted access would eventually lead to problems -- a very scary and potentially career-ending situation for any security manager.
I contemplated a variety of methods to control administrative access before settling on this one: I would funnel all administrative access to the production servers through a single point. That point would be the "gateway," a highly secured server that would reside on its own segregated network. I built two Unix servers and called them Gateway 1 and Gateway 2. Gateway 1 would be the primary server, while Gateway 2 would function as a spare. Then I locked the servers down, stripping them of unnecessary services such as Telnet, file transfer and e-mail.
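The gateway design above only holds if no firewall rule lets an administrative connection reach production from anywhere other than the gateways, and if the gateways themselves offer none of the stripped services. The following audit is an added example, not part of the original column; every network range, port list and rule in it is a constructed assumption (the column names no addresses or protocols).

```python
import ipaddress

# Constructed sample values; none of these addresses or ports come from the article.
GATEWAY_NET = ipaddress.ip_network("10.10.0.0/29")      # segregated gateway network (assumed)
PRODUCTION_NET = ipaddress.ip_network("10.20.0.0/24")   # production servers (assumed)
ADMIN_PORTS = {22, 23, 3389}                            # SSH, Telnet, RDP (assumed admin protocols)
BANNED_GATEWAY_PORTS = {21: "file transfer (FTP)", 23: "Telnet", 25: "e-mail (SMTP)"}

# Constructed firewall allow rules: (source CIDR, destination CIDR, destination port)
SAMPLE_RULES = [
    ("10.10.0.0/29", "10.20.0.0/24", 22),     # gateways -> production SSH: intended path
    ("0.0.0.0/0", "10.20.0.0/24", 443),       # customers -> application: not an admin port
    ("192.168.50.0/24", "10.20.0.0/24", 22),  # remote office -> production SSH: bypass
    ("10.0.0.0/8", "10.20.0.5/32", 23),       # broad range -> one server, Telnet: bypass
]

def bypass_rules(rules):
    """Return rules that open an admin port on production to a source outside the gateway network."""
    findings = []
    for src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if port not in ADMIN_PORTS or not dst_net.overlaps(PRODUCTION_NET):
            continue
        # subnet_of requires the whole source range to sit inside the gateway
        # network: a range that merely includes the gateways (10.0.0.0/8)
        # still admits other hosts, so it is flagged.
        if not src_net.subnet_of(GATEWAY_NET):
            findings.append((src, dst, port))
    return findings

def banned_listeners(listening_ports):
    """Return the services a gateway should not offer, given its listening TCP ports."""
    return sorted(BANNED_GATEWAY_PORTS[p] for p in listening_ports if p in BANNED_GATEWAY_PORTS)

if __name__ == "__main__":
    for finding in bypass_rules(SAMPLE_RULES):
        print("admin access bypasses gateway:", finding)
    print("gateway should not run:", banned_listeners([22, 25, 111]))
```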