Comprehensive data protection for all workloads
Post Reply
Peejay62
Expert
Posts: 235
Liked: 37 times
Joined: Aug 06, 2013 10:40 am
Full Name: Peter Jansen
Contact:

Enforcing SAN policy settings

Post by Peejay62 »

Hi,

I am in the midst of adding some backup proxies with direct san access. Did all the specifics that come with it, obviously taking care of disabling automounting and setting my san policy to OfflineAll. I want to enforce these settings so that under whatever circumstance these settings cannot be undone. Any person with sufficient rights could easily login and run diskpart and cause damage or a security admin checking policies might change it . I have been thinking of things like preventing diskpart to be run (besides for storage admins) and have some policy enforcements by putting the proxies in an OU and define specific rules for them. Any suggestions on that part?
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Enforcing SAN policy settings

Post by Dima P. »

Hello Peter,
have some policy enforcements by putting the proxies in an OU and define specific rules for them.
If I am not mistaken you can create OU and grand limited access for the AD user group /or user. But that would not save you from the security breach when password from the authorized account would get to the wrong hands.

As for me – shutting down all RDP /Remote Shell Access on the proxy servers would be enough. Also I would double check that admin accounts are not used on a daily basis – but only on purpose :wink:
Post Reply

Who is online

Users browsing this forum: Amazon [Bot], Google [Bot], Kristina.Zalesakova, kyle.shuberg and 182 guests