Security Basics mailing list archives
Re: Home laptops on a corporate network
From: "Rob Creely" <programmingart () gmail com>
Date: Thu, 10 May 2007 01:36:51 -0400
Hi all -

I have a client who wants to allow employees to use their own laptops on the corp. wireless network so that they can access files on the server. I gave them a run-down of options (allow usual file sharing [bad idea], MS VPN quarantine [complex scripting], SharePoint services [not bad, but no printer access] and third party quarantine options).

Aside from any other ideas someone may have, it seems to me that the third party compliance software/appliance, while probably being the most versatile is pretty costly. I found a couple starting at about $20K. Does anybody know of any devices that are significantly cheaper and can allow my client to do what they want? I should mention that they are bound by HIPAA regulations here. Or any approaches I haven't thought of?

Thanks for the input.

Adam

Adam J. Rosen
President
Buffalo Data Solutions
716-913-6312
ajrosen () buffdata com
http://www.buffdata.com
Hi,

Given the limited details on what such a system needs to be able to provide users of "home" laptops, I would go for a totally complete and separate network from the corporate wireless LAN with pinholes to a Citrix/MS Terminal Services server in a DMZ which would provide the "services" needed by "home" laptops.

As for NAC which was mentioned, it just seems to be the latest snake oil being offered by security vendors to uninformed security executives. I recently easily bypassed a NAC on a Juniper box in under 30 minutes by changing a few registry keys on my Windows client. And at Blackhat Europe researchers recently revealed a flaw in Cisco's offering in the NAC space: http://www.net-security.org/article.php?id=1001

NAC probably has a role in a multi-layer defense in depth network security policy. However, that said, I would not rely on NAC solutions too heavily.

Just my 2 cents.........

Cheers.

--Rob