Policies: ECE
Computers Stay On
Dual Boot
REWRITE for GENERAL USE -- add in info about
Security
Remote Access Servers
VCL/GRENDELs
On the NCSU network, an unpatched Windows workstation is hacked within 30 seconds. Often, less time is required. Keeping the OSes patched is our number one way to prevent one machine from attacking the rest.
Dual booted machines are the blight of security within this environment.
With the OS switching back and forth, neither OS (we're patching Linux across the network as well) is kept up to date. And we can't know how long a machine has stayed on one OS versus the other.
Therefore, the goal has been to discourage, and eventually remove the use of dual booted systems *wherever possible*.
What I need to know is the reasons/needs for the dual boot. I'll give you one: OPNET currently requires Windows -- assuming your primary use of the machine is as a Linux box, then this would be a good reason to have both the OSes. Granted, once OPNET *is* available on Linux, this would no longer be a legitimate reason.
While you know our goal is to move to a non-dual boot environment, *I* need to know the obstacles that *you* see to this. What applications prevent your use of a single OS? Having this information helps to better define this policy.
We wouldn't want to have Windows on a box simply because a student likes to use Outlook to check his mail, or because they prefer Office over StarOffice.
I would ask that you work with us on this. We have no research support funding. Trust me, if we could, we would -- so we have a limited staff to respond to issues that arise. We do so because I recognize the needs of the department, and because I'd like to avoid the "wild west" of computing that ECE was four years ago. Our goals are to meet your legitimate needs, but we must weigh that against the cost of support and to the rest of the network.
- We will dual boot this machine*.
You are correct that a 600Mhz machine will not meet your needs. Outside of the Networking group, one of the major reasons we have dual boot requests is because a student wants to "play" with the buzz work "Linux". A secondary machine on which to do this often does meet their needs, and is therefore a standard response to such requests. I will have our people adjust this response to elicit legitimate reasons for the request and possible exceptions, as in this case, to the policy.
We *WILL* be erecting the firewalls on both the Linux and Windows OSes.
This should help, partially, to protect the machines while updates are installed. Unfortunately, not all issues are due to outside attacks, but it's something. This should not affect the use of the machine, but if it does, let us know, and we'll see what specific exceptions to this firewall can be made.
While the machine is being built, please send me the reasons a dual boot is important to you in this case. If we can determine what the problems are with a single OS, we can attempt to resolve them, or at least keep them in mind.