Wednesday, July 27, 2005

Going off the Net

The internet is a wonderful thing, it is also a very dangerous place. Any computer system connected to the internet can and will be attacked. There is also a viral aspect to the internet, which means that while it is difficult to do with the internet and it is also difficult to do without.

At work we are building a software product that when combined with a number of other complex software systems on a cluster with a SAN will do wonderful things. However, configuring and debugging all this stuff requires a lot of privileged access.

The company has a lot of rules to protect its computer systems from attack. Part of that is denying users privileged access, which is sensible for most users. However when we want anything privileged done, we have to ask the IT guys to do it as they are the ones with the privilege, and each request takes its own time.

The test system arrived and my first thought was that we could bypass all these rules that slow progress by taking it off the net. If the test system is not connected, it is safe from attack, we do not have to follow all the rules and we can have all the privileged access we need to get things done as and when we want.

I suggested this at our project meeting and the first question was "if it is not on the net, how do I telnet to it for debugging?" I described sneakernet, the secure alternative to the internet. You burn a CD, pop it out, walk across the room, pop it into the test system and "Robert est votre oncle".

Everyone looked at me like I was mad, or maybe they thought that I was just lost in another millennia. The notion that you needed to be in the same room as the test system seemed retrograde. As did the idea that you could not be browsing Slashdot while waiting for that conditional breakpoint to pop. So we are going to have to put up with the constant battle with IT to get simple things done because now it is impossible to go off the net.

No comments: