Security Basics mailing list archives
Laptop use in the Wild
From: "sec sam" <secsam () gmail com>
Date: Thu, 8 Feb 2007 10:09:25 -0600
Hello Group, I know this is old hat for many of you, I am looking for insight on how I might approach roadblocks to laptop use out in the wild? The issue is tough because of the cultural change it represents towards remote computing in the organization, and the desktop groups tremendous resistance to opening this up. There is good reason to be concerned and to carefully way the risks but I have to believe that the level of risk has been managed enough since so many others have this as a "normal" part of business. To date policy states "devices are not to connect to other networks"- dial-up only One limited test requires re-imaging the machine before allowing it back on the network. I am not sure what this test is intended to show, except maybe to prove that there is likely a more efficient way. I find it frustrating because I know that this service can be provided and in a "relatively" safe manner- . Some of the components in place include two factor authentication, drive encryption, ssl/vpn and other software such as AV and antispyware. Still evaluating desktop firewall solutions though. My problem is that I am not an expert with our ssl/vpn (but will consult with the vendor) and my level of expertise in the areas of desktop configuration (mapping or syncing my docs, reg settings etc) is such that I rely on the desktop groups input, which quite frankly seems a bit tenuous. Admittedly we also need to learn about the role of desktop firewall software in this. All while providing a relatively problem free experience for the user. Does anyone know of a good white paper or other documentation on strategies for rolling this type of service out? A discussion of the risks as well as high level of SSL/VPN and desktop configuration. Something that possibly provides different strategies to consider. Personally, I would like to permit users the ability to configure connection to a wired or wireless network in the wild, but still require the client connect through the SSL/vpn before being able to get anywhere on the internet- or to our companies resources. Maybe I ask too much. Thanks for your input. Samara
Current thread:
- Laptop use in the Wild sec sam (Feb 08)