Securing Developer Workstations [Securing Developer Workstations]

ScottWelker — Sun, 17 Aug 2008 15:14:56 GMT

I could use 9ers cogent thoughts on securing Developer Workstations. I am on a site where developers are constrained to very minimal workstation privileges AND, the infrastructure team is… well… let’s just say unresponsive. The frustration is off-the-scale.

I now have the ear – Monday – of someone with the authority to fix this. I need to make a sound case.

I understand and agree that the workstation must be “secured against attack” and I understand and agree with the “Least-Privileged Account” idea described here: http://msdn.microsoft.com/en-us/library/aa302367.aspx.

Our infrastructure team adds that they don’t want unsupported technologies “leaking” into our applications and, they don’t want the support calls when developers “wipe-out” their workstations.

I intend to propose largely keeping everything as it is now but with these additions:

1) For each “trustworthy” developer do as the aforementioned article prescribes, create a secondary, seldom used, administrative account.

2) Make the development team responsible for their own workstation image. If we (I) wipeout our workstation, it’s our responsibility. We won’t bother the infrastructure team.

3) Establish sufficient oversight, architecture/code review, production hand-off, ??, that ensures no technology ever “leaks” into our applications.

Sorry so long winded. This is the case I’ll make – with some fine tuning.

Please feel free to fire holes in it or counter or bolster the arguments.

in reply to Securing Developer Workstations

Entries for ScottWelker

Securing Developer Workstations [Securing Developer Workstations]