Gregory K. Ruiz-Ade wrote:
Nothing in life is one-size-fits-all. Especially things like system/
network security policies. It just doesn't work.
I tend to go with four or five different "lockdown policies".
Developers, tech-support, secretaries, IT and open. I try to create
fairly robust sets of applications so people aren't caught not being
able to install something they really need.
Then, as people "prove" themselves, I'll progressively relax the
restrictions on the machines.
This works mainly for developers, because some are very clueful and some
are just a menace to the network. =)
I've also found that tech-support folk are the people who need the most
watching, since they tend towards "Let's install this packet generator
and see what happens" type behaviour.
-ajb
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
