There’s plenty of good reasons to keep a windows device updated and available for use.
Honestly, I prefer that to spinning up a windows VM, especially if your needs include Windows software that interfaces directly with external hardware.
I realize that’s not an option for everyone, but for those who have an extra device available, or can afford a used laptop to keep in a closet, it’s well worth it IMO.
Dafuq?
Unless it’s for SMTP only, it’s probably a back end sever to some other front facing box, or service, that has IP addresses whitelisted for email.
I’m pretty sure I read one of his comments elsewhere talking about tunneling everything over SSH, so I assume that’s what he meant, but I could be mistaken.
Regardless, using an EOL distro as an internet facing SSH server that’s 8 years behind on SSH updates, is probably a bad idea.
We’re not talking about some punch card COBOL machine he jimmy rigged with network access, it’s an old Debian Linux box with SSH enabled.
It’s not like Metasploit would have a tough time finding unpatched vulnerabilities for it…
I’m assuming they meant that they were company phones, and that additionally they were required for any work related MFA requirements.
If that’s the case, it would be YubiKey in addition to, not instead of.
As for the time tracking software, those are often part of a much larger accounting, payroll, and/or HR software suite. Having his team spin up Windows vms, or even have separate older windows boxes somewhere, probably makes more financial sense than not. At least, until they can switch to a more modern suite that has a web portal.
Virtual Box is a Type 2 hypervisor, which means it’s running on top of the OS, and not directly on the hardware.
KVM is a Type 1, which runs directly on the hardware itself.
There are pros and cons to each, and VBOX is a great piece of software, but it is more resource intensive than other options available.