Security Basics mailing list archives

Laptop use in the Wild


From: "sec sam" <secsam () gmail com>
Date: Thu, 8 Feb 2007 10:09:25 -0600

Hello Group,
I know this is old hat for many of you; I am looking for insight on
how I might approach roadblocks to laptop use out in the wild.

The issue is tough because of the cultural change it represents
towards remote computing in the organization, and the desktop group's
tremendous resistance to opening this up. There is good reason to be
concerned and to carefully weigh the risks, but I have to believe that
the level of risk has been managed enough since so many others have
this as a "normal" part of business.

To date, policy states "devices are not to connect to other networks":
dial-up only.

One limited test requires re-imaging the machine before allowing it
back on the network. I am not sure what this test is intended to show,
except maybe to prove that there is likely a more efficient way.

I find it frustrating because I know that this service can be provided
and in a "relatively" safe manner. Some of the components in place
include two factor authentication, drive encryption, ssl/vpn and other
software such as AV and antispyware.  Still evaluating desktop
firewall solutions though.

My problem is that I am not an expert with our ssl/vpn (but will
consult with the vendor) and my level of expertise in the areas of
desktop configuration (mapping or syncing my docs, reg settings, etc.)
is such that I rely on the desktop group's input, which quite frankly
seems a bit tenuous. Admittedly we also need to learn about the role
of desktop firewall software in this. All while providing a relatively
problem free experience for the user.

Does anyone know of a good white paper or other documentation on
strategies for rolling this type of service out?  A discussion of the
risks as well as high level of SSL/VPN and desktop configuration.
Something that possibly provides different strategies to consider.

Personally, I would like to permit users the ability to configure a
connection to a wired or wireless network in the wild, but still
require that the client connect through the SSL/VPN before being able
to get anywhere on the internet, or to our company's resources. Maybe I
ask too much.


Thanks for your input.
Samara
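The "connect anywhere, but reach nothing except through the VPN" design asked for above is usually implemented as a host firewall policy that drops all egress except what the laptop needs to join a foreign LAN and reach the VPN concentrator, then lets everything else out only via the tunnel interface. The script below is an added example written for this archive page, not something from the original post or any vendor; it emits an nftables ruleset for a Linux laptop so the policy can be reviewed before it is loaded. The concentrator address (a documentation-range placeholder), port and tunnel interface name are assumptions and are meant to be overridden through the environment.

```shell
#!/bin/sh
# Added example: generate a "VPN-only egress" nftables ruleset.
# Assumed values (not from the post); override via the environment.
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # placeholder concentrator address
VPN_PORT="${VPN_PORT:-443}"                # SSL/VPN port
TUN_IF="${TUN_IF:-tun0}"                   # tunnel interface created by the VPN client

# Print the ruleset to stdout. Nothing is applied; an admin reviews it and then
# runs:  gen_vpn_only_ruleset | nft -f -
gen_vpn_only_ruleset() {
cat <<EOF
table inet vpn_only {
  chain output {
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    ct state established,related accept
    # DHCP and DNS are the minimum needed to join a hotel/airport LAN and
    # resolve the concentrator's name; this is the deliberate residual exposure
    udp dport 67 accept
    udp dport 53 accept
    # The concentrator is the only host reachable in the clear
    ip daddr ${VPN_SERVER} tcp dport ${VPN_PORT} accept
    ip daddr ${VPN_SERVER} udp dport ${VPN_PORT} accept
    # Everything else must leave through the tunnel
    oifname "${TUN_IF}" accept
    # Log what the policy blocks so helpdesk can see why an app "does not work"
    counter log prefix "vpn-only drop " drop
  }
}
EOF
}

# Sanity check on the generated text: the chain must default to drop and must
# not contain a catch-all accept, otherwise the policy is hollow.
ruleset_is_restrictive() {
  rs="$(gen_vpn_only_ruleset)"
  echo "$rs" | grep -q 'policy drop' || return 1
  echo "$rs" | grep -Eq '^[[:space:]]*accept[[:space:]]*$' && return 1
  return 0
}

# When run directly, show the ruleset and report the check result.
if [ "${0##*/}" != "sh" ] && [ -z "${SOURCED:-}" ]; then
  gen_vpn_only_ruleset
  if ruleset_is_restrictive; then
    echo "# check: default-drop policy present" >&2
  fi
fi
```

Two practical caveats for the rollout being planned: captive portals at hotels and airports require a browser session before the VPN can come up, so the policy above needs either a time-limited "portal" exception or a client that handles it; and the DNS allowance is a real, if small, leak path, so the concentrator should be addressed by IP or pinned in the hosts file where the vendor client allows it. The desktop firewall products mentioned in the post typically expose the same "allow only VPN, then allow all via tunnel" shape under their own names.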

