Hi,
I am in the midst of adding some backup proxies with direct san access. Did all the specifics that come with it, obviously taking care of disabling automounting and setting my san policy to OfflineAll. I want to enforce these settings so that under whatever circumstance these settings cannot be undone. Any person with sufficient rights could easily login and run diskpart and cause damage or a security admin checking policies might change it . I have been thinking of things like preventing diskpart to be run (besides for storage admins) and have some policy enforcements by putting the proxies in an OU and define specific rules for them. Any suggestions on that part?
-
Peejay62
- Expert
- Posts: 235
- Liked: 37 times
- Joined: Aug 06, 2013 10:40 am
- Full Name: Peter Jansen
- Contact:
-
Dima P.
- Product Manager
- Posts: 14726
- Liked: 1707 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Enforcing SAN policy settings
Hello Peter,
As for me – shutting down all RDP /Remote Shell Access on the proxy servers would be enough. Also I would double check that admin accounts are not used on a daily basis – but only on purpose
If I am not mistaken you can create OU and grand limited access for the AD user group /or user. But that would not save you from the security breach when password from the authorized account would get to the wrong hands.have some policy enforcements by putting the proxies in an OU and define specific rules for them.
As for me – shutting down all RDP /Remote Shell Access on the proxy servers would be enough. Also I would double check that admin accounts are not used on a daily basis – but only on purpose
Who is online
Users browsing this forum: No registered users and 64 guests