| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6199A25648C5CF4596C8577AC6D20313351B@osiris.wetgoat.net> From: james at wetgoat.net (James P. Saveker) Subject: Re: Microsoft Security, baby steps ?[Scanned] [Scanned] Valdis.Kletnieks@...edu said... <snip> If you have 30K machines, figure on several dozen needing to install from disk *every day*, just due to hard drive failures and the like. And it only takes 1 junior secretary using the old disks instead of last Tuesday's..... The real problem is at the low-end corporate environment - how many sites that have only 50 or 100 machines can afford somebody who's able to slipstream updates every month? </snip> If you have 30K seats then as I pointed out image installation would be done via the SMS server or for companies not running SMS they may use RIS or another image multicast server. The desktop units will of course have PXE boot roms on the NIC's and therefore not even need a boot disk. The images are stored on a central server/servers and are therefore "always" up to date(no room for low grade secretary error). Of course not all companies and what not have the resources to be able to run SMS or even perhaps the need. SMS is more than just a hyped up RIS server, it maintains updates across the network and also run hardware/software inventory (for lics) and software monitoring, e.g. don't want people to run quake tell SMS and or MOM the MD5 hash of the bin and your cooking on gas. For smaller companies the IT staff should find it easier in a 2K domain or above let's face it RIS is free with 2k server (running a native windows network) They would of course have to keep RIS images up to date. They could install SUS for free (whoever said Microsoft don't give stuff away :-) to maintain the patches on the network, also to test bed them away from the production network. Fire up the MBSA once in a while and they are also cooking on gas. In fact all tasks for smaller companys can be done by people with little up top using SBS 2003 and enjoying the wizards. The tools are available the documentation is available, if people are running windows networks they should at least hire one MCSA to run it or an MCSE to design and run it. But then I am sure that's another topic in itself, one I do not want to get involved in. James Saveker www.wetgoat.net "The only thing which helps me maintain my slender grip on reality is the friendship I share with my collection of singing potatoes..." This e-mail has been virus checked by Sophos Mail Monitor. There are inherent dangers in the opening any Attachments contained within e-mails. wetgoat.net cautions you to make sure that you completely understand the potential risks before opening any of the Attachments. You are solely responsible for adequate protection and backup of the data and equipment used in connection with this e-mail service, and wetgoat.net will not be liable for any damages that you may suffer in connection with using, modifying or distributing any of the Attachments. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3024 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040318/c7602696/smime.bin
Powered by blists - more mailing lists