On 12/07/2020 19.53, Lew Wolfgang wrote:
On 07/12/2020 10:06 AM, Per Jessen wrote:
Lew Wolfgang wrote:
On 07/12/2020 01:51 AM, Per Jessen wrote:
Lew Wolfgang wrote:
But some large organizations forbid the use of USB memory sticks for security reasons. PXE install from a local mirror ? That would work, but then you have the issue of getting the local mirror installed on an insular network without network connections I've done it, it's just a PITA. Hmm, yeah no doubt. How about downloading the repos to a portable disk and take that along? (if permitted).
These classified situations usually allow incoming disks if certain procedures are followed, such as virus scanning. But once a disk, or other writable media, touches a classified system/network it is presumed to be classified and can not be removed from the space. The media can be declassified by destruction using approved methods and oversight. NSA has guidelines and lists of approved devices:
https://www.nsa.gov/resources/everyone/media-destruction/
So in this case, media are use-once, then destroy devices. Cheaper is better.
I think we should continue to support installations from a physical media. I do have my doubts about a DVD image being the right one, just as I have my doubts about an organisation that would ban USB sticks but not DVDs :-)
As Carlos mentioned, there are security risks associated with USB devices not present in optical media. Certainly USB storage can be used safely if precautions are taken, but I think the rule was designed for the lowest common denominator user. It's easier to ban everything than to ban everything with some difficult-to-explain exceptions.
Regards, "IA is the New Black" Lew
Yes, these sites should have authorization procedures for using external media. Scan the media when coming in or out. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)