this post was submitted on 21 Jul 2024
191 points (76.5% liked)
Technology
59414 readers
3162 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Almost all computers can be set to PXE boot, but work laptops usually even have more advanced remote management capabilities. You ask the employee to reboot the laptop and presto!
I wonder how you're supposed to get PXE boot to work securely over the internet. And how that helps when affected disk is still encrypted and needs unusual intervention to fix, including admin access to system files.
I've been doing this for a while, and I like creative solutions, so I wonder about those issues a lot. Not much comes to my mind besides let's recall all the laptops and do it one by one.
Hypothectically you could ship a company provided router to handle the vpn connection to your remote users, so you aren't relying on the OS to be able to boot up to get connected to the vpn for the company network and PXE environment. Lots of extra cost and mess though.
From a home user? Probably ain’t shit-all you can do with PXE booting. But if you have a field office or somewhere a user can go with a hardware vpn appliance? Well now you’re in business.
PXE boot is more of last resort IMO, but can be uses as a chainloader to a more secure option. The biggest challenge I could see security-wise is having PXE boot being ran on unsecured networks. Even then though, normally a computer will have been provisioned on a secure network and will have encryption and secure boot-based encryption, and some additional signature-based image verification.