Yesterday, one of the big banks in Norway basically had to shut down most of its services due to a worm (viking.gt) infecting more than 10000 Windows PCs running in nearly 200 branch offices (see article in Norwegian). OK, I know I am weird, but my first thought was “oh boy, I am glad I am not a developer working for one of the traditional Norwegian banks right now”. Why? Because I think I know exactly what is going to happen, seen from a developer’s point of view.

The banks will immediately impose strict restrictions on how people use their machines; developers will lose sysadmin rights on their computers, internet filters will be tightened to make sure that only “serious” sites can be reached, downloading stuff from the internet will be banned, email with binary content will be silently thrown away by the mail system, and much more. It is a bit like, after a nasty accident, taking away all the sharp tools from your carpenters and still expecting them to be productive and to enjoy their work. Then, after weeks and months of struggling, the restrictions are lifted or relaxed one by one, and the developers have to beg and fight for each improvement, like explaining to perhaps six levels of management, both verbally and in writing, why, say, having read access to slashdot.org is important, and why they need svn access to external repositories. They might have to explain to another group of nutheads why they need sysadmin rights to install Ethereal or basically all other useful developer tools. It might take several months (or forever) to restore an environment where efficient software development can happen. Until the next time a virus or another security story hits the headlines in the news…

I did work in the banking industry for a couple of years, and the scenario described above happened over and over again. Why? Because our production servers, the administrative machines and the developer machines were all on the same LAN! Believe it or not. I suspect that this is quite common in other banks as well. This means that if you control the machine of a developer, then you have more or less free network access to the production servers and to the workstations used by the people who manage these servers. With such a network configuration we had to find a compromise between the security, reliability and usability requirements for all these different environments (production, administration, development) at the same time. The result was of course suboptimal for everyone.

The solution, I believe, is to make sure that you separate the corporate network into several completely separated networks, where secure, double-locked VPN/SSH tunnels and/or remote desktop solutions are the only way to access machines on one network from another network. But first of all, make sure that the developer network has no possible network path into the administrative or the production network. You could even consider a setup where different development groups are on separate LANs, perhaps with ssh access between the LANs and a common shared software repository. First of all this will be a much more secure setup, but perhaps even more important (seen from a developer’s view) it will also be a productive environment to work in. With such a setup a developer will not be locked down by all the security and reliability issues that the production and administrative networks need to care about. As developers, we do actually care about security and reliability, but at the same time we really, really need all the sharp tools that we can find to be productive and enjoy what we are doing…
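The rule in the paragraph above, "no possible network path from the developer network into the administrative or production network", is easy to state and easy to break by accident once a shared repository sits between the zones. The script below is an added example (not code from the original post, and not any bank's real layout): it models the zones as a directed graph of permitted flows and checks transitive reachability, so an indirect path such as dev → repo → prod is flagged even though no single rule allows dev → prod. The zone names, the three constructed rule sets and the forbidden-pair policy are all assumptions made up for illustration.

```python
"""Zone-reachability check for a segmented corporate network.

Added example, not from the original post. The zones, the permitted
flows and the forbidden-pair policy are constructed for illustration.

Each flow is a (source zone, destination zone, service) triple that a
firewall or tunnel endpoint would permit. Reachability is computed with
a breadth-first search over zones, so the check catches indirect paths
that a rule-by-rule review would miss.
"""
from collections import deque

# Constructed zone names (assumptions, not from the post).
DEV, REPO, ADMIN, PROD = "dev", "repo", "admin", "prod"

# Policy: which zones must never reach which, even indirectly.
FORBIDDEN = {
    DEV: {ADMIN, PROD},   # the post's headline requirement
    REPO: {ADMIN, PROD},  # the shared repo sits on the dev side of the boundary
}

# A flat-LAN layout like the one the post describes: everything reaches everything.
FLAT_LAN = [
    (DEV, PROD, "any"), (DEV, ADMIN, "any"), (ADMIN, PROD, "any"),
    (PROD, DEV, "any"), (ADMIN, DEV, "any"), (PROD, ADMIN, "any"),
]

# A segmented layout: dev pushes to the repo over ssh, admin pulls releases
# from the repo and reaches prod over ssh/rdp. No rule points from dev or
# repo towards admin or prod.
SEGMENTED = [
    (DEV, REPO, "ssh"),
    (ADMIN, REPO, "ssh"),
    (ADMIN, PROD, "ssh"),
    (ADMIN, PROD, "rdp"),
]

# A subtly broken variant: someone lets the repo push builds straight into
# prod. There is still no dev -> prod rule, but dev -> repo -> prod now exists.
LEAKY = SEGMENTED + [(REPO, PROD, "ssh")]


def find_path(flows, start, goal):
    """Return one zone path start -> ... -> goal following permitted flows,
    or None if goal is unreachable. Services are ignored: any permitted
    service is enough to cross a zone boundary for this check."""
    adj = {}
    for src, dst, _service in flows:
        adj.setdefault(src, set()).add(dst)
    parent = {start: None}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == goal:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parent[zone]
            return list(reversed(path))
        for nxt in sorted(adj.get(zone, ())):  # sorted for deterministic paths
            if nxt not in parent:
                parent[nxt] = zone
                queue.append(nxt)
    return None


def violations(flows, forbidden=FORBIDDEN):
    """List (source, target, path) for every forbidden pair that is
    reachable, including the offending path so the rule can be traced."""
    found = []
    for src, targets in forbidden.items():
        for tgt in sorted(targets):
            path = find_path(flows, src, tgt)
            if path is not None:
                found.append((src, tgt, path))
    return found


if __name__ == "__main__":
    for name, flows in (("flat LAN", FLAT_LAN), ("segmented", SEGMENTED), ("leaky", LEAKY)):
        print(f"{name}: {violations(flows) or 'no forbidden paths'}")
```

Run against the three rule sets, the flat LAN reports direct dev → admin and dev → prod paths, the segmented layout reports nothing, and the leaky variant reports dev → repo → prod. A check like this belongs in the review step for any firewall or tunnel change, since the path that reopens the developer network into production is rarely the one rule someone meant to add.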