You could provide all corporate services via VDI (RDS or Citrix). With other isolation techniques, it doesn't really matter what the end users bring in. Also have some policies for end-users to follow (e.g. installing AV - that can be managed centrally without them having to be part of a domain).
There's at least one mid-tier bank in Aus doing this very thing (Suncorp-Metway) Cheers Ken -----Original Message----- From: David Lum [mailto:[email protected]] Sent: Monday, 17 October 2011 11:17 PM To: NT System Admin Issues Subject: RE: Macs and vunerabilities My concern is all the above. As currently implemented, Mac's on our network are no different than users home Windows laptops being allowed to directly connect to our network. I can't imagine anyone here would say "go ahead and hook your home laptop directly to my LAN and don't bother joining to the domain". I can't audit what's on them for software license compliance reporting I can't apply GPO's (autoconfigure wireless, browser settings/favorites, etc) I can't remotely deploy software (via GPO or SMS) I can't enforce anti-virus I can't patch Flash, Java, etc Dave -----Original Message----- From: Matthew W. Ross [mailto:[email protected]] Sent: Monday, October 17, 2011 8:07 AM To: NT System Admin Issues Subject: RE: Macs and vunerabilities David, from what direction are your concerns coming from? Are you concerned how to patch the macs? Are you concerned about antivirus? Are you concerned about controlling what the Macs are allowed to do? I'm just trying to understand, and perhaps help. --Matt Ross Ephrata School District ----- Original Message ----- From: David Lum [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Thu, 13 Oct 2011 15:01:20 -0700 Subject: RE: Macs and vunerabilities > Well, we're getting a Mac invasion here and there is zero apparent > concern for managing these things or worrying about vulnerabilities. > To get to AD resources they're standing up Win7 VM's but doing as much > work as possible on the native MacOS. > > They can get to the Internet, file shares, printers, e-mail, etc on > native Mac but I just have alarms going off in my head "unmanaged > machines with no idea what intellectual property is on them". > > Dave > > From: [email protected] [mailto:[email protected]] > Sent: Thursday, October 13, 2011 2:49 PM > To: NT System Admin Issues > Subject: Re: Macs and vunerabilities > > I remember the big "mac virus" recently was socially engineered - but > that's definitely the mac's biggest vulnerability. Given that mac > users generally believe they are invulnerable, its an arguably bigger > vector than the same one on a Windows system. > > Sent from my POS BlackBerry wireless device, which may wipe itself at > any moment > > ________________________________ > From: David Lum <[email protected]<mailto:[email protected]>> > Date: Thu, 13 Oct 2011 21:45:39 +0000 > To: NT System Admin > Issues<[email protected]<mailto:[email protected] > unbelt-software.com>> > ReplyTo: "NT System Admin Issues" > <[email protected]<mailto:[email protected] > -software.com>> > Subject: Macs and vunerabilities > > Does anyone have a link to an article or two that shows > vulnerabilities that have actually been exploited? Preferably not a random > blog post... > David Lum > Systems Engineer // NWEATM > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected] > software.com> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected] > software.com> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
