[Gllug] Cost of RedHat vs Ubuntu desktop support

[JLMS]

On Tue, Jul 14, 2009 at 2:34 PM, David
Damerell<damerell at chiark.greenend.org.uk> wrote:
> On Monday, 13 Jul 2009, JLMS wrote:
>>On Mon, Jul 13, 2009 at 4:09 PM, David
>>Damerell<damerell at chiark.greenend.org.uk> wrote:
>>>Keeps most people happy. If you want to tinker you can; but staff time
>>>isn't bled away in fixing tinkered-with machines.
>>How do they deal with security in such promiscuous environment?
>
> The usual corporate "crunchy on the outside, soft on the inside"
> firewall arrangement plus a lot of IDS.
>
> Unless you are going to explicitly restrict DHCP to certain MAC
> addresses, the stupidest people will bring in tainted personal laptops
> anyway.

Well, yes.

>
> More generally, you _cannot_ assume that an internal machine will not
> become compromised. They will. Hence you have to deal with that
> whether or not you let people fiddle with their own machines.
>

Absolutely correct.

There are products out there that actually do management of machine's
certificates in order to ensure you can't just plug your Eee PC and
start your own corporate server.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug