Server Access and Security

BOCHERF at MAIL.STATE.WI.US BOCHERF at MAIL.STATE.WI.US
Wed Jun 18 14:28:51 EDT 1997


Hi:

For the last three years our Web site has been hosted on a server at our state
administration dept.   While we have Web policies, guidelines, various HTML
templates, etc., our Web development is very decentralized with each division
in our dept. responsible for their own area and FTPing their files to the
administration dept.'s server.

A few months ago we hired a real Webmaster, purchased our own server
(Sun Netra), firewall (Solstice 2.1),  etc.  As part of site management our new
Webmaster wants to have sole access to the production Web server for
security purposes.  Ideally I'd still like to allow 6-8 key staff to have access to
update their own division areas as they now do.  The 6-8 staff involved also
want to maintain this process.   The Webmaster says this will compromise
security too much.  (The major concern is not that these 6-8 staff will
overwrite files, etc., it is that too much internal access opens too many
opportunities for *external* break-ins.)

I have several related questions.

1)  How many of you allow more than one staff person to actually update files
on your real-world Web server?

2)  If you allow this, how many staff have access?

3)  If you allow multiple staff access is it done through a firewall?

I do not have direct experience in configuring a firewall but I feel there must be
a way to do this to allow 6-8 staff to access the server w/o compromising
security too much.   I'd appreciate any feedback on this issue.

Feel free to reply directly to me.

   --  Bob
_______________________________________________________
Bob Bocher,  Library Technology Consultant
WI Dept. of Public Instruction,  State Division for Libraries...
Box 7841 Madison, WI 53707  608-266-2127  fax: 608-267-1052
bocherf at mail.state.wi.us  2nd email: rbocher at mail.badgerdial.net
www.state.wi.us/agencies/dpi/



More information about the Web4lib mailing list