Gabriel Sechan wrote:
Absolute security would be nice. Unfortunately, its not possible. With the current state of the art, we need to draw the line somewhere. I say complete lockdown of a desktop is too far, and costs more than it gains, both in dollars and in user frustration.
I disagree. In most companies, a complete lockdown of the desktop is *just fine*.
The problem is that Windows makes that *hard*.
As for your comments on SOAP- I didn't say I like SOAP. I don't. But welcome to psychology- make something too inconvenient, and people will find ways around it. And those ways will probably screw up reasonable actions at the same time.
Agreed, but the issue is the responsiveness of the IT department. The default should be that if I need a new application or hole, I submit a web form, it opens the hole temporarily *only to my machine* (you have to trust you employees *somewhat*) and the IT department begins reviewing the impact.
One of the other big problems is that networks tend to be a big uniform mish-mash once you penetrate the firewall. There are no firewalls between networks so that you can permit certain actions only to certain networks.
-a -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
