A decade ago I worked for a regional chain of gyms with locations in 4 states.
I was in TN. When a system would go down in SC or NC, we originally had three options:
- (The most common) have them put it in a box and ship it to me.
- I go there and fix it (rare)
- I walk them through fixing it over the phone (fuck my life)
I got sick of this. So I researched options and found an open source software solution called FOG. I ran a server in our office and had little OptiPlex 160s running a software client that I shipped to each club. Then each computer at each club was configured to PXE boot from the FOG client.
If everything was okay, it would chain the boot to the OS on the machine. But I could flag a machine for reimage and at next boot, the machine would check in with PXE and get a complete reimage from premade images on the FOG server.
So yes, I could completely reimage a computer from hundreds of miles away by clicking a few checkboxes on my computer.
This was free software. It saved us thousands in shipping fees alone.
There ARE options out there.
ramble81@lemm.ee 3 months ago
You’d have to have something even lower level like an OOB KVM on every workstation which would be stupid expensive for the ROI, or something at the UEFI layer that could potentially introduce more security holes.
Leeks@lemmy.world 3 months ago
Maybe they should offer a real time patcher for the security vulnerabilities in the OOB KVM, I know a great vulnerability database offered by a company that does this for a lot of systems world wide! /s
A_A@lemmy.world 3 months ago
Lol 😋 ! Also I need an “Out-of-Band, Keyboard, Video, and Mouse” to your “OOB, KVM” so to ~~steal the bank~~ improve security.
Leeks@lemmy.world 3 months ago
“It’s turtles all the way down”.
circuscritic@lemmy.ca 3 months ago
…you don’t have OOB on every single networked device and terminal? Have you never heard of the buddy system?
timewarp@lemmy.world 3 months ago
UEFI isn’t going away. Sorry to break the news to you.
ramble81@lemm.ee 3 months ago
I didn’t say it was, nor did I say UEFI was the problem. My point was additional applications or extensions at the UEFI layer increase the attack footprint of a system. Just like vPro, you’re giving hackers a method that can compromise a system below the OS. And add that in to laptops and computers that get plugged in random places before VPNs and other security software are loaded and you have a nice recipe for hidden spyware and such.
Brkdncr@lemmy.world 3 months ago
vPro is usually $20 per machine and offers OOB KVM.