RoboGeek

RoboGeek's (David Herron) Weblog: co-developer of Robot and several other things related to Java testing.


Wednesday January 18, 2006

Corporate IT security at Sun

There's this slashdot posting I found interesting:

KoshClassic asks: "What is the right balance between security and productivity, in the corporate IT environment? Looking back at my company, 10 years ago, our machines were connected directly to the Internet, no proxy, no firewall, no antivirus software. Today, my company's proxy server blocks access to: 'bad' web sites (such as Google Groups); our 'antivirus' software prevents our machines (even machines that host production applications) from carrying out legitimate functions, such as the sending of email via SMTP; and individual employees are forced to apply security patches with little or no notice, under threat of their machines losing network access, if they do not comply by the deadline. On one hand, you can never be too secure, however on the other hand, have we become so secure that we're stifling our own ability to get things done? What is the situation like at other companies?"

Since it's usually pointless to reply on a slashdot thread (you almost always get lost in the noise) I thought to toot a horn or two over here.  What's IT security like inside Sun?  It's really pretty good, a low level of burden, the requirements are very transparent.

I think the main thing keeping Sun from major problems is we simply don't have many Windows machines to begin with.  (Fancy that)  They do exist, especially as some parts of Sun actively develop software for Windows.  They do cause problems from time to time.  (the typical virus attacks)

The IT security team requires we run a script ("XP Neuter") at every bootup which fiddles with some settings meant to keep XP "safe".  I don't know offhand what those settings are.  Maybe they turn off some of the default IIS instances that Windows likes to start.

The other thing IT requires is we use a virus scanner package, and that it automatically update.  There's a corporate license with one of the virus scanner makers, and we get the automatic updates through that arrangement.  However they (IT) aren't as draconian as the slashdot writer describes in that Sun's IT doesn't breathe down our necks to make sure the virus scanner actually is up-to-date.

I don't remember there being a requirement to run a firewall or block access to specific ports (e.g. SMTP) etc.  There is a corporate firewall and I haven't been able to determine if they block access to specific sites, since all the sites I look at are available.

The IT security department also checks Mac OS X security, and occasionally issues security advisories for OS X.  The advisories for Windows far outstrip the OS X advisories, however.  There are a surprising number of OS X users inside Sun.

In my case (as is common) my laptop/PC runs Linux ... there is an XP partition that I occasionally boot, but the majority of the time it's in Linux.

(2006-01-18 22:21:31.0)

Comments:

Gratifying to hear your IT department isn't as draconian as some, and cool to know you're a Linux user - as am I :) I found your post amusing, especially the true fact that XP needs to be "neutered" in order to be safe - by default it's full of holes and just waiting to be exploited. Keep up the great work :D

Posted by Alex Howells on January 19, 2006 at 12:40 AM PST #

Boy, I sure would like to know what's in that Neuter XP script (actually, a copy) - so I can do likewise at home. I've read a few articles about "do this, do that, to make Windows safer"; but my admin skills weren't up to following their directions.

Posted by Lance on January 19, 2006 at 12:40 PM PST #
