On Sat, 29 Apr 2023 21:02:13 +0200 Per Jessen <per@opensuse.org> wrote:
Lew Wolfgang wrote:
On 4/29/23 11:42, Per Jessen wrote:
Of course, but on our network a Windows user could, through ignorance, configure her legitimately connect host to advertise a route to a second interface on her machine. I guess your corporate networking policy is very different to anything I have seen in over thirty years. My wife works for a bank - there is virtually nothing she can do to her laptop.
It's a large research environment.
I'm not sure if that explains the lax security policies :-)
It does to a large extent, I think. The admins have a major problem. The scientists [in our case] can run pretty much whatever they decide they need. Plus there's any number of 'guests' from pretty much anyplace in the world visiting from hours to years at a time and who need access to the main network in most cases. The only tool our admins had, apart from post-facto enforcement of stated rules, was not permitting any device on the network until they had seen it and logged its MAC. That said I was never aware that we had any major problems, so either they did a very good job or everybody was very well behaved or both!
For my own environment:
* nobody unauthorised has access to the datacentre * nobody unauthorised has access to our offices * unauthorised guest devices don't get ipv6. * hosted (virtual or real) customers are very much locked down.
compare and contrast :)