> You do realize the implication given by step 2 and point 4 are a contradiction in itself :-) ?
Absolutely. Microsoft is a mess. I could go on for hours about how Windows networks are fundamentally insecure, and cannot be fixed without a massive psychological shift. Sysadmins love it though for some reason, probabally because it gives them way more power than they should ever need over their users.
I love hearing war stories from people who worked offense at places like Google, with almost zero AD footprint. Even the most basic attacks take SOOO much more effort. I would love it if a ChromeOS centric Zero Trust model actually became a thing, but it's not going to happen naturally. Maybe if we let all these ransomwared companies fail spectacularly, and refuse to bail them out, then the only companies that will be left will be those who care.
Unfortunately telling people not to use Windows rarely goes over well. To that main point, as bad as Microsoft is, there are so many companies that are so much worse. This Kaseya thing is essentially a rootkit with shitty authentication. Installing this thing on endpoints is a fundamentally flawed concept, yet here we are.
I don't know all the details, but for SSO think about how you log into GMail. They enforce U2F and I'm pretty sure special certs get deployed to client machines.
As for machine administration, it's ChromeOS, what needs administration? Just keep logs of auth and app usage on the server side and you have all the logs you ever need to track down bad behavior. Nothing can be installed on a majority of client systems, and nothing needs to be installed, as it should be.
Absolutely. Microsoft is a mess. I could go on for hours about how Windows networks are fundamentally insecure, and cannot be fixed without a massive psychological shift. Sysadmins love it though for some reason, probabally because it gives them way more power than they should ever need over their users.
I love hearing war stories from people who worked offense at places like Google, with almost zero AD footprint. Even the most basic attacks take SOOO much more effort. I would love it if a ChromeOS centric Zero Trust model actually became a thing, but it's not going to happen naturally. Maybe if we let all these ransomwared companies fail spectacularly, and refuse to bail them out, then the only companies that will be left will be those who care.
Unfortunately telling people not to use Windows rarely goes over well. To that main point, as bad as Microsoft is, there are so many companies that are so much worse. This Kaseya thing is essentially a rootkit with shitty authentication. Installing this thing on endpoints is a fundamentally flawed concept, yet here we are.