|
I spend a fair amount of time arguing with my head tech guy over network issues. He wants to wall off everything from everybody. I want things as easy/open as possible. So we have a multi-tier, multi-zone network. Some machines are put behind Fort Knox (mostly the office personnel), the servers are in another area with certain port restrictions, and others (like my desktop which serves as a testing server for some things, and my developer's dev boxes) are in "the gutter" with unfettered outside access. He wanted to require VPN to get into Fort Knox and I said no... I refuse to use VPN... figure out another way.
This is always a balancing act. But we are an academic institution, not a business with super sensitive data. And in fact, we *want* people using parts of our network and applications. By putting security in place that raises the bar for engagement, we shoot ourselves in the foot.
|