Security

The importance of security cannot be overstated. A break-in could cause a serious outage for the organisation, the destruction of important data or even the escape of confidential information. The security principles listed in this section should be adhered to by system administrators at all times. Non-sysadmins are often focused on other areas, such as finishing up a project, delivering a demonstration or finalising a deal. Part of the job of the sysadmin is to consider the security ramifications of any request received.

Security is not an absolute and must be weighed against the business requirements that users have. It is important to remember, however, that avoiding outages, protecting company resources (computer systems and data), and preventing the escape of confidential information are themselves business requirements. While they are not always explicitly stated as such, they are ever present.

If users make requests that may result in significant security threats to the company, discuss this with the people involved. In many cases it is possible to find an alternative solution which achieves the business requirement without the loss of security. An example is a request to open up access at the firewall to a workstation to demonstrate an application to clients. Providing access via a reverse proxy, or provisioning a virtual system to run the application, may achieve the same result with less threat to security.