news media

[Adam]

On Sun, 20 Aug 2000, Dan Nguyen wrote:

>On Sun, Aug 20, 2000 at 12:11:29AM -0400, Marcel Kunath wrote:
>> <huge snip>
<huge snip>

>And multiboot is a great option, and I hope that the microlabs
>implement it, but it addes another layer of complexity.  And how would
>you like to manage 1000 workstations which may all get cracked and be
>used to preform DoS attacks.

Same way you do windows.  a) Assuming we had multiboot, disable the OS
that needs urgent attention b) fix the netboot procedure for the
affected OS c) wait until people stop using the old boots and/or force
them to reboot if needed.  
Cl already seems to use rdist to clean up the windows install on the local
hard drive, surely one could use it to clean up a linux install in the
boot process soon after the kernel loads.  We login to DOS (or NT) so the
windows labs know who is (ab)using the computer, the same could go in unix
via NIS or Kerberos or ...

Yes windows might seem more secure at first because the remote penetration
is less common but the remote access methods common to unix can easily be
disabled and things like ssh firewalled to only allow connects from
.cl.msu.edu or perhaps other computers in that lab at most.  Its no
different really than a 100% unix lab.  Yes someone might leave the
workstation unattended and some windows user might come along and go
HUH? But thats what xlock and reboot scripts are for =)