Thieves Winning Online War, Maybe in Your PC

New York Times ^ | 12/5/2008 | By JOHN MARKOFF

[KoRn]

At work I’m STRONGLY advocating a policy I came up with that forbids internal networks and computers to have any physical path or access to the internet at all. I have created an entirely separate physical network that computers can use to go online. In all work areas there can be a computer that is there for internet use, and internet use ONLY.

So far, I’m running into stiff resistance, so I doubt it will happen. Being a hospital, I don’t think we can or should risk any computer that handles patient information to have access to the internet. At least I tried.... Two years ago I found a key logger running on a registration computer. I went screaming to my boss about it, and his eyes glazed over when I tried to explain to him what a key logger was(typical IT director).

[Tribune7]

Thank you, again MSFT.

Or is MFS--T?

[GOP Poet]

bookmark

[Terpfen]

but Apple Corp. doesn’t seem to have any concern whatsoever for anyone who likes to game on occasion.

It's not really Apple's fault. Microsoft's DirectX won the battle with OpenGL, thus chaining games to the Windows platform. It's going to take a fundamental shift in a number of areas--improved OpenGL support on the part of nvidia and ATi, greater amounts of Mac users, and a clear financial justification for hiring OS X programmers and taking the time to learn the intricacies of the OS. Those are a lot of barriers to overcome, especially since we have Boot Camp now.

[rdb3]

The key in Unix/Linux systems is that the user can’t do anything to the system - only root can. You want configure your system, you su to root.

That's right.

Amazing << Hear this. Feel this, and tell me that this isn't music.
Groove to Black Violin EPK, too.

[Terpfen]

CIS student here. Just out of curiosity, could you expand a little bit? How did you plan to physically house a second network parallel to your hospital’s existing intranet?

[SouthDixie]

Awesome stringz, sometimes words have no place in music...

[proxy_user]

If you need web browsing you can set up a filtered proxy server. If you need email, you can set up an internal SMTP server.

That is the way most businesses handle it.

[rabscuttle385]

Tech ping!

[Doc Savage]

I knew his brothers, Wackoof and Jackoff!

[dangerdoc]

Bump

[KoRn]

"If you need web browsing you can set up a filtered proxy server. If you need email, you can set up an internal SMTP server."

That's what we do. We also use firewalls. Malware still sometimes gets through via Internet Explorer.

[Spktyr]

Um, you can’t give your account root level privs in the GUI, and hacking your account in terminal is a big pain. Not on a Mac, sorry.

[proxy_user]

Another approach might be to separate servers from clients. Keep your patient data on Unix machines with no GUI. Access it from Windows, or better yet, use thin clients. These might have a web browser, but it would run on a Unix box and be served remotely over the network.

This would be more economical and more secure, and is one of the newer approaches to IT architecture aimed at businesses where security is more important than convenience.

Of course, workers might complain about not being able to goof off. You’d have to tell them that the computers are for work.

[Sunnyflorida]

” hacking your account in terminal is a big pain. “

FOR YOU MAYBE, BUT NOT FOR SOMEONE THAT KNOWS WHAT THEY ARE DOING.

[Sunnyflorida]

” I found a key logger running on a registration computer. “

Save your breath. “You have no privacy, get over it.” S McNealy.

[Spktyr]

NICE CAPS.

Then tell us how it’s done in Mac OS X 10.5.5.

[Spktyr]

Oh, and before you flip the “what, you don’t know either?” back at me, I already have the tech note up on my screen.

Here’s a hint - root is turned off by default.