Thanks for the education. Makes a little more sense now. AND more questions.
OK, let me try to clarify this as best I can.
“Securing a server” from the data center point of view means:
- Controlling physical access to the machine with access-controlled doors and physical locks on the cabinet rack.
- Controlling network access to the machine via firewalls, limiting the types of requests that can be made to it, opening ports only for services the machine intends to provide over the network. In this case, SMTP inbound and outbound only from external networks. If doing the job right, shell access is through a VPN on the local network, so providing the VPN is part of network security.
Administration is a completely separate function. I’ve held the title of administrator on both government and corporate networks, large ones. This role is sometimes also called management.
Shell access (the ability to log into a machine) is on the border between security and administration. Who controls shell access depends on the context. In a large network, user identity management, using a central authentication mechanism such as Active Directory, is part of the security function. On a single-server setup as the Clinton machine is described to be, it is an administration function, and the security people probably can’t even log into the box.
Backups are part of administration. When backups are made to some physical media such as tapes or optical disks (e.g. DVDs, CDs), the physical security of that media is in the security realm, but the actual backup process itself is the administrator’s job, as is making sure the backup actually works.
Backups can ALSO be done offsite to a different server. In addition, any system important enough often has a COOP (Contingency Of OPerations) plan involving a failover server, which is typically clustered with the main server either on the operating system level or the application level. (IIRC this was an MSExchange mail system and at the time there was no workable MSExchange clustering available.)
To wrap this up, Platte is a red herring. They may not know anything at all. The administrator is what the focus needs to be on, and that appears to be Clinton’s campaign IT director who moved to State. That makes sense: given her demand for utter loyalty, she would have wanted only a picked man to have access. That man would be Bryan Pagliano.