I have just been working through Microsoft’s MSAT risk assessment tool, and I would appreciate some clarification on one of the controls it suggests.
Does your company use DMH (dedicated management hosts) for the secure administration of systems and devices within the environment? And if so, select systems for which dedicated management hosts exist: servers/network devices.
So can anyone tell me what exactly is a “dedicated management host”, and what is the risk of administrating, say, your payroll server without a “dedicated management host”? What risks could they impose on the server itself? What features on a DMH would prevent this type of risk? Is it practical in big IT shops where you have numerous sensitive servers to use DMHs?