[Gllug] It is not Microsoft

John Edwards john at cornerstonelinux.co.uk
Fri Jan 9 15:53:30 UTC 2009


On Fri, Jan 09, 2009 at 03:15:07PM +0000, Jose Luis Martinez wrote:
> 2009/1/9 j.roberts <j.roberts at stabilys.com>:
<snip> 
> The machines are to be exposed irrespective of what OS is used.

Not always true.

1) Restrict boot options in the BIOS.

2) Set a BIOS password.

3) Stop people from opening the case to reset the BIOS (anything from
using "security" screws to putting the machine in a locked cage).


> The best solution would be to do automatic nightly re-installs,
> anything else is either too expensive or risky.

The problem with automatic nightly reinstalls is that it is usually
done by booting from the network using something like PXE, which is
rarely able to check the authenicity of either the DHCP server or
the image server.


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20090109/87fa3396/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list