Security

Is this bad advice from an IT manager?

Submitted by e-scetic
e-scetic (1003976) writes "We've secured funding for building a new website to replace our current one. My direct managers, however, not being technically inclined, are seeking input from our Manager of IT. In response, he has set down a number of dictates that he wants us to follow. Here's the part that frightens me most:

  • 4. You should avoid security issues for now and concentrate on multiple user access for maintenance and updates login issues.
  • 5. You must not worry about performance. You need to concentrate on making a workable website first. You must keep it simple.


Some details: I wanted to create a development and production environment, with a development server using version control and pushing stable changes to the live production server. I wanted to isolate the databases to a separate database server, with each web server remote logging to the database server (using syslog-ng). As we'll be generating email newsletters to the tune of 60k emails per issue, I wanted a separate machine for that too (Postfix, most likely). And most importantly, I wanted to spend time early in the project hardening everything — mod_security, mod_evasive, firewalls, intrusion detection, chroot jails, OS lockdown, SSH, etc., the works, before we began development.

But the IT Manager is saying to do this:

  • 10. You must design everything on one server for simplicity and design it in such a way to split the application when you need to do so (when it goes on line). I mean your database, your website, and your email server can all be developed on the same simple prototype server hardware.
  • 12. Leave purchasing the actual hardware for close to the end of the project when it needs to go on line.


I don't believe this is good advice. Given we have one year to complete the project, I think my route is safest. Can the Slashdot community advise my non-technical managers as to which of us, me or the IT manager, is on the right track? Or maybe give advice on how to deal with this IT Manager?"
