Re: [fw-wiz] Worms, Air Gaps and Responsibility

From: Devdas Bhagat (
Date: 05/10/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
    Date: Tue, 11 May 2004 00:02:18 +0530

    On 10/05/04 14:07 -0400, Mark Gumennik wrote:
    > Ron,
    > This is exactly my point:
    > If you want to put LINUX on the DESKTOP you have to use all the bells and
    > whistles which makes vuln. on it equal to MS
    No!. You do not have to use the same programs as the others.
    <insert standard biological analogy about the species and the individual

    > PS I'm glad I made such a splash, how wonderful it'd be to go back to the
    > world were the knowledge of 25-30 network commands made us all look sacred.
    > Speaking of LDAP , Kerb and other tools : obviously the use of them makes us
    > look much better than such earthy things as MS AD or Novell NDS where all
    > this staff is already built-in FOR THE DESKTOPS (not for the remote AAA).
    Which desktops? Right now, I can classify desktops into four major types:

    1> The corporate desktop.
            This is a standard desktop with specific applications needed for
    work. This desktop needs to be maximally restricted and locked down,
    with centralised AAA and other requirements.
            Some applications may only be available for Windows, others for
    Linux/BSD. This is where you really want open standards. LDAP, Kerberos,
    etc fit into this space.

    2> The casual user desktop.
            This is the typical "Aunt Tilly" desktop. Used for email, some
    web surfing, IM, etc.
            This is the appliance desktop requirement. This desktop is
    currently affected by viruses, popups, and other crap which also hurts
    the rest of the Internet. Most of the dangerous applications running
    here need NOT be on the corporate desktop at all.

    3> The power user desktop.
            This is where we want a non appliance desktop that is easy to
    manage by someone who really isn't a sysadmin by profession. Apple seems
    to be filling this space nicely at the moment. These users are likely to
    dual boot, and demand more from their computer than most users.
            However, these users, IMHO, can be educated to the point of
    maintaining security on their local systems.

    4> The gamer desktop.
            Windows rules this space. Period. Also, irrelevant to the
    current discussion.

    The issue facing system administrators today is that there is no
    difference in the desktops for groups 1, 2 and 3. The requirements are
    different, but the same desktop and common applications are available
    and they cannot be removed on Microsoft Windows.

    Groups 1 and 2 are both appliance desktops, with vastly different
    requirements. If you want to compare a computer to an oven, the first is
    the oven at a bakery while the second is the one in your kitchen.

    Devdas Bhagat
    firewall-wizards mailing list

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"