Hypothectically you could ship a company provided router to handle the vpn connection to your remote users, so you aren’t relying on the OS to be able to boot up to get connected to the company network and PXE environment. Lots of extra cost and mess though.
Comment on CrowdStrike Isn't the Real Problem
magikmw@lemm.ee 3 months agoI wonder how you’re supposed to get PXE boot to work securely over the internet. And how that helps when affected disk is still encrypted and needs unusual intervention to fix, including admin access to system files.
I’ve been doing this for a while, and I like creative solutions, so I wonder about those issues a lot. Not much comes to my mind besides let’s recall all the laptops and do it one by one.
wizardbeard@lemmy.dbzer0.com 3 months ago
LrdThndr@lemmy.world 3 months ago
From a home user? Probably ain’t shit-all you can do with PXE booting. But if you have a field office or somewhere a user can go with a hardware vpn appliance? Well now you’re in business.
timewarp@lemmy.world 3 months ago
PXE boot is more of last resort IMO, but can be uses as a chainloader to a more secure option. The biggest challenge I could see security-wise is having PXE boot being ran on unsecured networks. Even then though, normally a computer will have been provisioned on a secure network and will have encryption and secure boot-based encryption, and some additional signature-based image verification.