Slashdot Mirror

← Back to Stories (view on slashdot.org)

Securing Your Internal Network from Windows?

Posted by Cliff on from the protecting-your-network-externally-and-internally dept.

acacord asks: "I am the Network Admin for a medium-sized law firm (hold the flames, please). We are one of the few Macintosh-based firms left. All of our workstations (near 150) will have been migrated to Mac OS X 10.2.2 by the end of the year. We have a couple users who think that they know more than the IT department and therefore insist that they maintain WinXP boxes on their desks. How should I configure a segment of my network for them, and them only, to make sure that the remainder of my networks are not susceptible to any of their natural security 'features' . Any and all ideas are welcome."

1 of 78 comments (clear)

  1. Meet Them on Their Own Terms by TheWanderingHermit · · Score: 5, Insightful

    They're lawyers, right? Don't deal with them as tech wannabes. Deal with them as lawyers. For a change like this, one of the very top PHBs must have either okay'ed this, or instigated it. Go up the ladder to the highest lawyer in the firm that was behind this switch. Have him help you prepare a form that says something like, "Since Windows XP has been shown to have the following security vulnerabilities...yada yada yada...and the Macintosh OSX has been shown to be a more secure system...yada yada yada...I understand that in insisting that I use Windows XP as my desktop operating system, I am increasing the risk of having not only my computer, but the entire corporate network either infected or damaged by viral programs, as well as the risk of my computer or the entire network being accessed illegally by unauthorized persons. I fully understand it is my choice to use this software and I take full legal and financial responsibility for any damage done to my desktop system or the company network as a result of my choice of running an OS with these known high risks."

    Be sure to include in the paper (where the first set of yadas is) lists of vulnerabilities of WinXP, including the recend IE/Outlook flaws for which there is (as of yet) no sure fix. In place of the 2nd set of yadas, put in documentation that shows OSX is more stable and less vulnerable.

    The point is to take the issue to them on their grounds and show them that their choice can have serious implications for them and the entire law firm and that they could be the idiot responsible for the whole system going down. If they are talked to in their language and made to see their choice as a real action with real (and possibly disasterous) consequences, it could open their eyes. You might still have to deal with WInXP, but it'll certainly get them thinking about it.