Security Basics mailing list archives

Re: Home laptops on a corporate network


From: "Rob Creely" <programmingart () gmail com>
Date: Thu, 10 May 2007 01:36:51 -0400

Hi all -

I have a client who wants to allow employees to use their own laptops on
the corp. wireless network so that they can access files on the server.
I gave them a run-down of options (allow usual file sharing [bad idea],
MS VPN quarantine [complex scripting], SharePoint services [not bad, but
no printer access] and third party quarantine options).

Aside from any other ideas someone may have, it seems to me that the
third party compliance software/appliance, while probably being the most
versatile, is pretty costly. I found a couple starting at about $20K.
Does anybody know of any devices that are significantly cheaper and can
allow my client to do what they want? I should mention that they are
bound by HIPAA regulations here. Or any approaches I haven't thought of?

Thanks for the input.

Adam

Adam J. Rosen
President
Buffalo Data Solutions
716-913-6312
ajrosen () buffdata com
http://www.buffdata.com

Hi,

Given the limited details on what such a system needs to be able to
provide users of "home" laptops, I would go for a totally complete
and separate network from the corporate wireless LAN with pinholes to
a Citrix/MS Terminal Services server in a DMZ which would provide the
"services" needed by "home" laptops.

As for NAC which was mentioned, it just seems to be the latest snake
oil being offered by security vendors to uninformed security
executives.  I recently easily bypassed a NAC on a Juniper box in under
30 minutes by changing a few registry keys on my Windows client.  And
at Blackhat Europe researchers recently revealed a flaw in Cisco's
offering in the NAC space:
http://www.net-security.org/article.php?id=1001  NAC probably has a
role in a multi-layer defense in depth network security policy.
However, that said, I would not rely on NAC solutions too heavily.

Just my 2 cents.........

Cheers.

--Rob
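
The separate-network-with-pinholes design suggested in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it audits a firewall ruleset and reports every allow rule that lets the "home" laptop segment reach anything other than the terminal server pinholes. The addresses, the rule tuple format and the function name are assumptions made for illustration; TCP 3389 (RDP) and TCP 1494 (Citrix ICA) are the standard ports for those services.

```python
import ipaddress

# Constructed addressing for illustration (not from the thread).
GUEST_NET = ipaddress.ip_network("10.99.0.0/24")      # isolated "home" laptop WLAN
TERMINAL_SERVER = ipaddress.ip_address("192.0.2.10")  # Citrix/TS host in the DMZ
PINHOLES = {("tcp", 3389), ("tcp", 1494)}             # RDP and Citrix ICA

# Constructed ruleset: (action, source, destination, protocol, port).
RULES = [
    ("allow", "10.99.0.0/24", "192.0.2.10/32", "tcp", 3389),
    ("allow", "10.99.0.0/24", "192.0.2.10/32", "tcp", 1494),
    ("allow", "10.99.0.0/24", "10.0.0.0/8", "tcp", 445),   # leftover file-sharing rule
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]


def audit_guest_rules(rules, guest_net=GUEST_NET, server=TERMINAL_SERVER,
                      pinholes=PINHOLES):
    """Return allow rules that open more than the pinholes to the guest segment.

    The check is deliberately conservative: it ignores rule order, so an
    over-broad allow is reported even if an earlier deny would shadow it.
    """
    findings = []
    for rule in rules:
        action, src, dst, proto, port = rule
        if action != "allow":
            continue
        # Only rules whose source can match a guest laptop are relevant.
        if not ipaddress.ip_network(src).overlaps(guest_net):
            continue
        dst_net = ipaddress.ip_network(dst)
        only_server = (dst_net.num_addresses == 1
                       and dst_net.network_address == server)
        if only_server and (proto, port) in pinholes:
            continue  # exactly one of the intended pinholes
        findings.append(rule)
    return findings


if __name__ == "__main__":
    for finding in audit_guest_rules(RULES):
        print("over-broad rule for guest segment:", finding)
```
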

