RE: Altiris Deployment Server vs. Microsoft SMS

From: Depp, Dennis M. (deppdm_at_ornl.gov)
Date: 11/24/03

  • Next message: Robayo, Fernando: "RE: MIP's and HIDE on checkpoint NG"
    Date: Mon, 24 Nov 2003 17:25:03 -0500
    To: Steve <securityfocus@delahunty.com>, ZyberGeek@comcast.net, security-basics@securityfocus.com
    
    

    Steve,

    I do not consider encryption from server to desktop to be an issue.
    Encryption can be accomplished by utilizing IPSEC if it is necessary. I
    do not consider encrypting this information on an internal network to be
    critical. For machines outside our internal network, I recommend using
    a VPN to encrypt all traffic.

    In terms of security I considered the following:

    - Identification of machines that need patches/service packs
    - Pushing patches/service packs to machines
    - Cost of solution. This includes management costs of the system
    - Impact on the end user

    Other items I might consider (but didn't in my evaluation):
    - Security model including delegation of responsibilities to other
    groups

    Dennis

    -----Original Message-----
    From: Steve [mailto:securityfocus@delahunty.com]
    Sent: Monday, November 24, 2003 4:59 PM
    To: Depp, Dennis M.; ZyberGeek@comcast.net;
    security-basics@securityfocus.com
    Subject: Re: Altiris Deployment Server vs. Microsoft SMS

    I'll assume you mean "wins" in terms of security. I think the security
    areas/issues would resolve around:
        - encryption from the server to the desktop
        - system admin management access control
        - what else?

    Network Computing covered some of the above issues but not in too much
    depth. You could review sales technical literature from both products
    online for your comparison.

    I tried getting SMS working years ago and would have rather hit myself
    in
    the head with a hammer, which I think we tried at one time during the
    deployment. I have desktop management experience with LANdesk Manager
    when
    it was an Intel product and another product called Callisto Orbiter
    which
    was obtained by Novell. We didn't really get into security issues with
    those products but I can see the merit of your question about security
    and
    desktop management, don't want some unauthorized person pushing some
    worm/keylogger etc to all your hundreds or thousands of computers for
    sure.

    ----- Original Message -----
    From: "Depp, Dennis M." <deppdm@ornl.gov>
    To: <ZyberGeek@comcast.net>; <security-basics@securityfocus.com>
    Sent: Sunday, November 23, 2003 9:09 PM
    Subject: RE: Altiris Deployment Server vs. Microsoft SMS

    What kind of desktops? All windows or a mix of Windows, Mac and Unix?
    If all Windows clients, I think SMS with the SUS feature pack wins over
    Altiris hands down. If you are running a mix, SMS is still a
    possibility, but you will need to purchase some add on tools from
    Altiris to finis the task.

    Dennis

    -----Original Message-----
    From: ZyberGeek [mailto:ZyberGeek@comcast.net]
    Sent: Saturday, November 22, 2003 9:03 PM
    To: security-basics@securityfocus.com
    Subject: Altiris Deployment Server vs. Microsoft SMS

    Between Microsoft SMS and Altiris Deployment Server, which product could
    be
    considered to be the better one for managing several hundred desktops
    from a
    security stand point?

    Z.G.

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ----
    ------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------
    ----
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: Robayo, Fernando: "RE: MIP's and HIDE on checkpoint NG"

    Relevant Pages