Security Basics mailing list archives
RE: Mobile Users and Firewalls - best practices?
From: "Brunner, Mark" <MBrunner () tor fasken com>
Date: Thu, 28 Apr 2005 09:19:17 -0400
Hi Lisa,

Laptops and notebooks are a real problem. In my opinion, they should be treated as foreign systems as soon as they leave the relative safety of your firewall. They may have a hardware firewall at home, but it probably cost $50, and gives them $50 worth of protection. They may or may not connect to another network at some point, perhaps a client's network, or a friend's wireless, who knows?

If the firewall can be turned off, it probably will be at some point. Not good. Something will be blocked that they just HAVE to see. They will download something, open or install it, and wham-bam-thank-you-maam, they now have the latest and greatest remote access Trojan on the system. It may not be evident to the user, and of course the next morning, they plug into your network, behind the firewall. The RAT makes an outbound call, so the hardware firewall allows it to communicate with the bot-net or remote host. Ahhh, sweet to have authenticated Domain access, no need to hack around for passwords...

Of course, there is always the joy of worms and other malware that may circulate around your LAN/WAN, causing general turmoil and confusion.

Any software firewall is better than none. For corporate use, it should provide:

1) Ingress and Egress monitoring/filtering (NOT SP2's "firewall")
2) A standard rule-set that reduces the need for the user to allow or deny access requests. (Chances are they will ALWAYS say yes!)
3) Constant updates to signature files and standard rules.
4) A central management console to ease administrative burden.

Nice to have are IDS, malware ID, etc.

Just my 2¢

Mark Brunner
Security Manager
Fasken Martineau DuMoulin LLP

This communication is solicitor/client privileged and contains confidential information intended only for the person(s) to whom it is addressed. Any unauthorized disclosure, copying, other distribution of this communication or taking any action on its contents is strictly prohibited. If you have received this message in error, please notify us immediately and delete this message without reading, copying or forwarding it to anyone.

-----Original Message-----
From: lmwills () telus net [mailto:lmwills () telus net]
Sent: Wednesday, April 27, 2005 12:55 PM
To: security-basics () securityfocus com
Subject: Mobile Users and Firewalls - best practices?

My company has a hardware firewall. Most of my users who have laptops have hardware firewalls at home - but for those who don't I was going to recommend they use Sygate as their personal software firewall when they are not in the office.

What are your suggestions? Does the user activate their software firewall when out of the office and then drop it when they are behind the hardware firewall? Are there conflicts between the two firewalls? Is there a firewall out there that you feel is really great that I might be missing?

Lisa Wills