Security Basics mailing list archives

RE: Home laptops on a corporate network


From: krymson () gmail com
Date: 11 May 2007 13:41:59 -0000

If this scenario is an absolute must, even in the face of HIPAA (and if this were my data, I'd be highly concerned 
about this company...), then I do like having users VPN into an isolated network segment and then connect to a Terminal 
Server to do their work.

However, not to throw monkeywrenches in, but this solution still does nothing about keyloggers, screenscrapers, or even 
a full-blown screen capture program running to record all this data. Even just one frame of a doc open can be enough to 
spoil your HIPAA party depending on the data these users have access to. Really, there's nothing you can do about this 
other than disallowing their home systems.

You do have to pretend two things:
1) Assume you have the filthiest, most infected, worm-ridden home PC ever connecting to your network.
2) Assume one of these workers will be wanting to sell this data or maliciously gather and use it.

You can take action against 1, but you're not going to be able to audit 2 unless you own the devices they are allowed 
to use.

