Reducing The Negative Impact of Laptops 221
Mark Brunelli wrote to mention a SearchEnterpriseLinux column about reducing the negative impact laptops can have on a network's security. From the article: "Portable computers often become an extension of the person using them. It is no surprise that laptop users are inclined to be rather autonomously minded. Many users don't realize that the power they have to install software and change settings is risk prone. Fortunately, larger corporations that install Microsoft Windows XP Professional usually don't grant the laptop user full administrative rights. The same cannot be said of smaller businesses, many of which simply purchase laptops from the local store -- laptops pre-installed with Windows XP Home Edition. "
Re:My company is doing this lockdown approach (Score:2, Interesting)
As an long-time IT person myself, I can see the ways in which that would make my job easier, but it also just seemed ridiculously restritictive on the ability of people to do their work. Can't check email or your outlook calendar and write code at the same time?
Laptop Lockdown (Score:5, Interesting)
Basically, you have your primary LAN of machines that never leave the office, and your wireless lan of laptops that are blocked from the primary lan. Both networks should be able to connect to the Internet, and laptop users would be required to connect to network services just as if they were out of the office.
Good wireless AP's should be able to block laptop to laptop communications, so that all the wireless network provides is internet access. Your network services should be hardened from Internet attacks already, and if they are not that should be addressed before any laptop related issue.
This has worked relatively well for me, might have a huge whole I don't see
*/
dear god (Score:1, Interesting)
As an aside, our laptops have XP home, but our desktops have 2000. I have to ssh into my home computer (Mac), ftp the data file, process, and then ftp the results back. f..kin pain in the ass. nough rambling.
It happened where I used to work (Score:5, Interesting)
Even better: It was a security company.
Best of all: It was the Mac team that brought it to the IT Department's attention.
How about this for a compromise (Score:3, Interesting)
1) A laptop with admin rights, that has no direct access to our LAN, but only a connection to a special quarantine server, which we will use to check everything you upload before letting it out onto our LAN, or...
2) A laptop with no admin rights, locked down so tight you can't even change your own wallpaper, but which is a full peer on the LAN.
You get to pick whichever suits your working style best."
Re:Linux (Score:3, Interesting)
It's trivial to wire the windows key in such a way that pressing it has the same effect as pressing ctrl, alt and del simultaneously.
In fact, it's easier than adding a new scancode. Just have the ctrl, alt and del circuits on the keyboard run through the windows key as well.
As a side benefit, you could now be sure that the start menu is always the OSes start menu.
Never mind the fact that once windows takes over, the BIOS doesn't have a thing to say about ctrl+alt+del anymore. (If it did, your computer would reset) Windows could just as easily make a different scancode, or a combination like Alt+SysReq, the secure attention key. In fact, Alt+SysReq is what linux kernels trap for debugging purposes; no user mode program can intercept Alt+SysReq.
So, I have to disagree here. The windows key is just marketing. They could've also added copy and paste buttons, and volume up+down buttons to the windows approved layout, but didn't. Now those keys are all over the place in all sorts of "multimedia" keyboards, along with insane buttons for checking e-mail etc.