Re: Worms, Air Gaps and Responsibility

[Devdas Bhagat <devdas () dvb homelinux org>]

On 10/05/04 14:07 -0400, Mark Gumennik wrote:
<snip>
> Ron,
> This is exactly my point:
> If you want to put LINUX on the DESKTOP you have to use all the bells and
> whistles which makes vuln. on it equal to MS
No!. You do not have to use the same programs as the others.
<insert standard biological analogy about the species and the individual
here>

> PS I'm glad I made such a splash, how wonderful it'd be to go back to the
> world were the knowledge of 25-30 network commands made us all look sacred.
> Speaking of LDAP , Kerb and other tools : obviously the use of them makes us
> look much better than such earthy things as MS AD or Novell NDS where all
> this staff is already built-in FOR THE DESKTOPS (not for the  remote AAA).
Which desktops? Right now, I can classify desktops into four major types:

1> The corporate desktop.
        This is a standard desktop with specific applications needed for
work. This desktop needs to be maximally restricted and locked down,
with centralised AAA and other requirements.
        Some applications may only be available for Windows, others for
Linux/BSD. This is where you really want open standards. LDAP, Kerberos,
etc fit into this space.

2> The casual user desktop.
        This is the typical "Aunt Tilly" desktop. Used for email, some
web surfing, IM, etc.
        This is the appliance desktop requirement. This desktop is
currently affected by viruses, popups, and other crap which also hurts
the rest of the Internet. Most of the dangerous applications running
here need NOT be on the corporate desktop at all.

3> The power user desktop.
        This is where we want a non appliance desktop that is easy to
manage by someone who really isn't a sysadmin by profession. Apple seems
to be filling this space nicely at the moment. These users are likely to
dual boot, and demand more from their computer than most users.
        However, these users, IMHO, can be educated to the point of
maintaining security on their local systems.

4> The gamer desktop.
        Windows rules this space. Period. Also, irrelevant to the
current discussion.

The issue facing system administrators today is that there is no
difference in the desktops for groups 1, 2 and 3. The requirements are
different, but the same desktop and common applications are available
and they cannot be removed on Microsoft Windows.

Groups 1 and 2 are both appliance desktops, with vastly different
requirements. If you want to compare a computer to an oven, the first is
the oven at a bakery while the second is the one in your kitchen.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards