On Tue, 20 Oct 2009, Richard Chycoski wrote:

> da...@lang.hm wrote:
>>
>> however, the thought of the corporate IT department _not_ managing
>> desktop/laptop systems for some part of the company sounds very
>> short-sighted.
>>
>> yes, they aren't a profit center, and so can't produce cash to put into the
>> IT group. But neither are the Security, QA, HR, Finance groups, and for
>> that matter it's hard to quantify the revenue that your executive
>> management generates. These people all need safe systems to use. In
>> addition, having someone in one group use a system that is sending
>> everything they do to hackers somewhere can cost you a LOT of money (it
>> usually has little effect, but when it does cost you something it tends to
>> cost a LOT).
>>
>> you really do want to make sure that anti-virus and anti-spyware software
>> is up to date on all systems, and ignoring some systems because they do not
>> generate revenue saves money now, but is likely to cost a lot later.
>>
>> David Lang
>>
> Unless you start treating the desktops/laptops/smart phones like external
> appliances. The idea of some of these new methods of connecting is that from
> the service end, you don't care about antivirus and other such software on
> the client - that becomes completely the client system's owner's
> responsibility. You download all of the administration of the client to the
> owner of the client, and only worry about channeling very specific, well
> protected resources out your firewall and the client machines simply don't
> get full network access into your facility. Examples of this are
> https-wrapped email servers. Your services don't get impacted if the client's
> machine gets infected with a virus because there is no way for the client to
> propagate that virus directly to others. You would be wise to implement virus
> checking for any file or attachment that you accept into the mail service,
> but the rest is outside of your care.
>
> Now - does this mean that one or more of your employees/contractors/partners
> could be flooded with viruses that they need to deal with? Yes, it does. It
> simply means that you no longer need to protect everything in the core from
> the outside client hosts every time that they connect.

If you don't mind having everything that the employees/contractors/etc. see or have access to being available to hackers, go for it. But if you do mind, then saying "it doesn't hurt me" isn't really true.

David Lang