(incoming employer-related comments)

If aware, these issues can be mitigated. Let's say you connect to your office
via a VPN directly from an app on your computer. While your OS's built-in VPN
client may not run constantly, some do. The constantly running app can
monitor approved A/V programs, firewalls, and other system best practices.

Relating to a solution I am familiar with, the SonicWALL network security
appliance can be your router, intrusion protection, firewall, VPN server,
and others. Some of its features include enforced client security policies
for VPN and LAN. When you join the LAN (via ethernet or WiFi) it will grant
you internet access (guest access level). After it has validated you
(subject to your criteria: proper firewall, A/V, config, or even a
username/password) it will grant your system (MAC address) access to
whatever protected resource. In extreme cases, an internal VPN can be used,
where the VPN client can grant you access to the specific protected
resources. This prevents the 'always-on' connectivity issue where you do not
need to access a resource while you browse Facebook, but because it's always
there, malware can exploit it.

This is specific to a specific closed-source subscription-based hardware
appliance, but I don't see any reason why a server can't be set up to
firewall off everything except specific MAC addresses and that list be
dynamic.

Now the issue goes back to the cat-and-mouse of how you create a policy on
how you can define a computing device as trusted and people finding ways
around that policy.

Michael Potts
(904) 638-2914
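
The gating described above (guest access by default, a protected allowlist keyed by MAC address that is only populated after a posture check, and a dynamic list that expires), written out as an added example rather than anything from SonicWALL or this thread. The class names Posture, Policy and Gate, the protected prefix 10.10.0.0/16 and the sample devices are all constructed for the example; the nftables text it renders uses real nft syntax but is an assumption about how one would express the list on a Linux gateway, not a product configuration.

```python
"""Dynamic MAC allowlist gate: guest until validated, re-validated on a timer.

Hypothetical names and constructed sample data; not SonicWALL's code.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network
import re
import time

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


@dataclass
class Posture:
    """What the always-running client reports about the endpoint."""
    mac: str
    firewall_on: bool
    av_signatures_age_days: int
    authenticated: bool


@dataclass
class Policy:
    """The site's definition of 'trusted'; these values are assumptions."""
    max_av_age_days: int = 7
    require_auth: bool = True
    grant_ttl_sec: int = 3600             # grants lapse; access is not 'always on'
    protected_net: str = "10.10.0.0/16"   # constructed example prefix


class Gate:
    def __init__(self, policy: Policy, clock=time.time):
        self.policy = policy
        self.clock = clock                  # injectable for testing expiry
        self.grants: dict[str, float] = {}  # mac -> expiry timestamp
        ip_network(policy.protected_net)    # fail early on a bad prefix

    def evaluate(self, p: Posture) -> list[str]:
        """Return the failed checks; an empty list means compliant."""
        failures = []
        if not MAC_RE.match(p.mac.lower()):
            failures.append("malformed MAC")
        if not p.firewall_on:
            failures.append("host firewall off")
        if p.av_signatures_age_days > self.policy.max_av_age_days:
            failures.append("A/V signatures stale")
        if self.policy.require_auth and not p.authenticated:
            failures.append("user not authenticated")
        return failures

    def admit(self, p: Posture) -> str:
        """Guest (internet only) by default; protected only after validation."""
        mac = p.mac.lower()
        if self.evaluate(p):
            self.grants.pop(mac, None)      # a failed re-check revokes access
            return "guest"
        self.grants[mac] = self.clock() + self.policy.grant_ttl_sec
        return "protected"

    def trusted_macs(self) -> list[str]:
        """Drop expired grants, then return the live allowlist."""
        now = self.clock()
        self.grants = {m: exp for m, exp in self.grants.items() if exp > now}
        return sorted(self.grants)

    def nft_ruleset(self) -> str:
        """Render the allowlist as an nftables ruleset for the gateway."""
        macs = self.trusted_macs()
        elements = f"        elements = {{ {', '.join(macs)} }}\n" if macs else ""
        net = self.policy.protected_net
        return (
            "table inet access_gate {\n"
            "    set trusted_macs {\n"
            "        type ether_addr\n"
            f"{elements}"
            "    }\n"
            "    chain forward {\n"
            "        type filter hook forward priority 0; policy accept;\n"
            f"        ip daddr {net} ether saddr @trusted_macs accept\n"
            f"        ip daddr {net} drop\n"
            "    }\n"
            "}\n"
        )


if __name__ == "__main__":
    gate = Gate(Policy())
    # Constructed sample devices, not real hosts.
    print(gate.admit(Posture("aa:bb:cc:dd:ee:01", True, 2, True)))    # protected
    print(gate.admit(Posture("aa:bb:cc:dd:ee:02", False, 30, False)))  # guest
    print(gate.nft_ruleset())
```

The point of the expiring grant is the 'always-on' problem raised above: a device is trusted only for the lifetime of its last successful check, and a failed re-check removes it from the set. The MAC address is still the weak link here, since it is trivially changed on most hardware, which is why the check is worth pairing with a user credential as the message suggests.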


On Mon, Feb 14, 2011 at 9:04 PM, William L. Thomson Jr. <
[email protected]> wrote:

> While researching something completely unrelated I came across the
> following, which is quite interesting.
>
> http://en.wikipedia.org/wiki/End_Node_Problem
>
> Might seem at first mostly based around cloud computing. But the more
> interesting stuff is the DoD's use of LiveCDs and ramdisk.
>
> It almost makes me think a bit about my presentation for tomorrow night.
> What's to say a diskless system doesn't run entirely out of RAM, vs
> requiring the network for all operations. Would be more like operating
> on a snapshot vs live image, but that might be exactly what is wanted.
>
> Just some food for thought, and either way something to consider with
> regard to security. It's one thing to secure your network, but what about
> the things that use your network, the end nodes.
>
> --
> William L. Thomson Jr.
> Obsidian-Studios, Inc.
> http://www.obsidian-studios.com
