They may not need Windows, but if disconnected operation might be necessary, they would need a local OS, some local apps and local data storage (with encrypted storage for the latter, and an easy way to sync the latter with the central servers via authenticated and encrypted communications, reducing the need to back up the laptop). They may need options to lock down removable media, or restrict it to read-only or minimal functionality (nodevices,noexec,nonbmand,nosetuid). They may need either to be restricted to only communications needed to establish VPN access, or they may need direct Internet access but with ipfilter rules supplied that protect them from most attacks. All that should be as easy and low maintenance as possible, with reasonable choices and defaults supplied and explained. Given that McAffee for Solaris is probably expensive and mostly useless (unless there might be Windows clients of a Solaris file or mail server!), and IMO rather inefficient, there should perhaps also be some additional open-source defenses available preconfigured and ready to use for typical situations.
All of the above should be as nearly as possible as easy to set up and use as it would be on a Mac (but with access to the guts if needed less obscure than on a Mac, and with CLI equivalents for every GUI function). This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list [email protected]
