Security Basics mailing list archives
RE: Home users with VPN connections
From: John Brightwell <brightwell_151 () yahoo co uk>
Date: Tue, 25 Mar 2003 10:35:56 +0000 (GMT)
Not being a windows guru ... is it possible to take a copy of the home user's PC config and use that to derive a new 'corporate' boot disk. I can see a world of pain in users having to bring in their PC .... but bringing in a backup (or even the current boot disk) may be possible. With the info described above and with the big assumption that a new boot disk can be so derived ... can this be a CD (or even a DVD) there are a number of linux flavours that can boot from CD but I haven't come across a windows boot CD But even if all of the above is possible ... rebooting to connect to the office won't go down well. this may be pie in the sky... Has anyone produced a VPN client that runs from its own sandbox. i.e. it creates a mini encrypted filesystem that is only readable by the VPN client and only applications and data installed in that filesystem can use the VPN Of course, the VPN client would have to be quite clever as it would have to emulate the OS for the applications running within the sandbox (otherwise the outlook running within the VPN client may get confused by the outlook configuration files and registry settings on home user's PC) I'm not sure what would need to be done to facilitate things like printing (possibly the VPN client acts as a proxy and passes the data to the spool queue) The advantage of this solution is that the VPN client can be generic. We (in the IT dept) don't need to know what sort of connection is being used (ADSL, Cable, ISDN) and we shouldn't need to get involved in the low level drivers. Of course, if this hasn't been done then we're scuppered cos I sure can't do it :-)
From: "Brent Woodard" <bwoodard () omniva com> Here's the big management headache on this solution: Is the enduser going to bring their workstation in so
you can build
the software config? You need to install whatever OS
you have with
the appropriate hardware. Are you going to be
responsible for
maintaining drivers for 300 different PCs for 300
different users?
This is a scenario not out of the realm of
possibility for a large
company.
Hmm, that would be kind of nasty, but you should be able to write an unattended install script for them, and just have them slap in your HDD, put in the CD and boot. Once it's done, they connect to the corporate network and it auto-installs any other necessary software. Another thought would be to use something like Knoppix that has an entire OS contained on the CD.
And what about a boot manager? What are you going to
use there? Don't use one. Use removeable hard drives.
Once you open the Pandora's box of supporting users
home
workstations, you open the way for a whole set of
support nightmare
headaches. Bad business for an IS staff trying to
keep costs
down....
If you have home users, you're already supporting them. Chris Berry compjma () hotmail com Systems Administrator JM Associates __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1
Current thread:
- Re: Home users with VPN connections, (continued)
- Re: Home users with VPN connections David M. Fetter (Mar 17)
- Re: Home users with VPN connections lassal (Mar 17)
- Re: Home users with VPN connections camthompson (Mar 17)
- Re: Home users with VPN connections ladhanikarim (Mar 17)
- Re: Home users with VPN connections James Lee Gromoll (Mar 19)
- Re: Home users with VPN connections Chris Berry (Mar 20)
- RE: Home users with VPN connections Brent Woodard (Mar 21)
- RE: Home users with VPN connections Mike Dresser (Mar 25)
- RE: Home users with VPN connections Kevin Saenz (Mar 26)
- RE: Home users with VPN connections Mike Dresser (Mar 25)
- RE: Home users with VPN connections Chris Berry (Mar 24)
- RE: Home users with VPN connections John Brightwell (Mar 25)