Sign in with
Sign up | Sign in
Your question

Managers plugging Externals directly into servers

Tags:
  • Servers
  • Business Computing
  • External Hard Drive
Last response: in Business Computing
Share
July 10, 2014 7:56:29 AM

So I'm the IT manager at a small company, and we have a really simple LAN setup with a few servers. I want to prevent people from putting external hard drives directly into servers, but I really have no justification for it. Their work processes way quicker when plugged in directly to the server, so I can't find a reason besides security that it would be an issue if production runs faster.

Normally I would like them to plug the externals into their desktop stations to process their work, but obviously running it over the network is slower than local processing and movement.

Is there a way I can securely still have them plug in USB drives into the servers without them having to sit down at the server and access it?

More about : managers plugging externals directly servers

July 10, 2014 8:05:52 AM

Security trumps everything else. Why does anyone other than yourself, or your staff, have physical access to servers?
m
2
l
July 10, 2014 8:05:57 AM

You really shouldn't allow anyone plugging things in to servers. Especially external storage. This can have malware and could also mess up your backup locations.
Can you not set up a partition for these users to copy their data to on a network location and process data from there?
m
0
l
Related resources
July 10, 2014 8:23:24 AM

It would still be slower to process over the network. I may just keep making my case that it's a security risk and prevent direct access. The Data is too much to partition off. They plug in 2-4TB drives. It isn't small data.
m
0
l
July 10, 2014 8:27:16 AM

As the IT manager you shouldn't have to be making a case of it to anyone else. Declare that henceforth no one other than IT personnel have physical access to servers and external devices will not be allowed to be installed. Then move the server/s to a secured location to which only you or your staff have access.
m
1
l
July 10, 2014 8:51:43 AM

You could secure the servers by disabling the USB ports so that only someone with ADMIN access can enable them, use them and then disable them again. Physically moving them isn't necessary to secure them although it is optimal.

This is also an indication that you should be asking management for additional shared storage so that these users data (assuming it is important to the business) can be centrally managed to protect against loss.

A third possibility which would be cheaper than more shared storage would be to have a DMZ type server, isolated from the rest of the network, which can be used EXCLUSIVELY to process this data on the USB disks. If this is the choice, then upgrade the disks to e-SATA for even better performance.
m
0
l
July 10, 2014 9:28:49 AM

kanewolf said:
You could secure the servers by disabling the USB ports so that only someone with ADMIN access can enable them, use them and then disable them again. Physically moving them isn't necessary to secure them although it is optimal.

This is also an indication that you should be asking management for additional shared storage so that these users data (assuming it is important to the business) can be centrally managed to protect against loss.

A third possibility which would be cheaper than more shared storage would be to have a DMZ type server, isolated from the rest of the network, which can be used EXCLUSIVELY to process this data on the USB disks. If this is the choice, then upgrade the disks to e-SATA for even better performance.


Those are some good ideas I may use. I decommissioned a few older servers that have good enough hardware to be used for that type of situation.
m
0
l
July 10, 2014 10:56:25 AM

I would go with kanewolf's ides with have a dedicated server to allow them to use. Also how big are the files? Do all the workstations connect to the network using gig ethernet?
m
0
l
!