-
March 5th, 2006, 04:30 PM
#21
As stated earlier....
As we are obviously talking about "the enemy within" you MUST blend in physical security and a strong AUP as part of your security model.
This IS they only way to circumvent
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 5th, 2006, 08:06 PM
#22
Sir Dice said:
Domain policies, third party software and what not are all moot if I can boot the machine with a live-cd...
That really hits the nail on the head! the actual issue is more like "How do I stop users running unauthorised executables in my environment" rather that "how do I stop them running batch files"
JonnyFrond
Wow Nihil, I had no idea, which James Bond film were you in??
It isn't funny mate. Given that this sort of thing is rife in secondary schools, vocational colleges and universities, you have to assume that people you hire these days will have the knowledge and skill to pull it off....................even if they couldn't write a batch file to save their miserable lives
As for the boot sequence, you can use a custom BIOS and/or an EEPROM chip, and put a lock on the case.................mess with that and you are out................instantly.............as I have said, a strong AUP is part of the model.
Also, why pay for CD/DVD drives, USB, floppy drives if you don't NEED them.
-
March 8th, 2006, 09:23 PM
#23
Originally posted here by nihil
Also, why pay for CD/DVD drives, USB, floppy drives if you don't NEED them.[/B]
Actually, with the A-brands you seem to have to pay them to leave it out these days
But.. The A-brands (the corporate models at least) also have case locking so you can use those laptop type kabel/locks to lock/secure the casing and LCD to the desk. Added bonus: it'll make the computer harder to steal.. physicly that is..
BIOS boot order and password should prevent booting from anything else but the harddrive.. GPO and perhaps some third party software should give you some control over who can access thumbdrives and/or cd/dvd-roms.. The A-brands also have a small cover switch that gets activated when the case is opened.. Next time the computer boots normally it can send a signal to you.. The cloners also picked up on this so there are casings and mainboards around that also sport these 'corporate' features
Oliver's Law:
Experience is something you don't get until just after you need it.
-
March 8th, 2006, 10:33 PM
#24
I recently attended an MS Vista preview and they had 2 new features that would be handy and prevent physical access to data stored locally.
The ability to lock out usb drives...and harddrive encryption....
Not sure if these features will be available in all versions....
So far they have 3 versions for home use and 3 versions for business...
Supposedly the guts are all the same...just some features are turn on\off with the different versions.
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|