Security Basics mailing list archives
RE: Home laptops on a corporate network
From: "marc " <marc () pungloppen dk>
Date: Fri, 11 May 2007 20:08:58 +0200
Sorry in advance for anything stupid. I'm still just a wannabe newbie in security :)

Wouldn't a regular VPN just open for all kinds of badware they have on their home computer? And if you issue a work computer for them it will be used as their normal computer and probably be as infected as their home computer anyways.

Why not use a product that can be used with their home computer but one that doesn't have to be installed? I have this USB key I have been issued at work from this company: http://www.giritech.com/

It's mighty fancy. It will allow me to connect to our Citrix server and do my work without any risk of our Citrix server being infected by anything on my work issued laptop.

Disclaimer: I do not have any relations with giritech, I'm just a happy user of their product.

And sorry for spelling mistakes, non-native English speaker here. :)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shawn
Sent: 11. maj 2007 19:06
To: krymson () gmail com
Cc: security-basics () securityfocus com; security-basics-return-44327 () securityfocus com
Subject: RE: Home laptops on a corporate network

I take it assigning the users who need to work from home company owned/managed laptops, and then providing VPN access to these laptops, is just not an option?

Setting up -somewhat- secure access to the corporate network from a staffer's home computer just seems like too much trouble and too much risk for what you gain... it'd just be easier to buy/image/issue laptops.

On Fri, 11 May 2007, krymson () gmail com wrote:

If this scenario is an absolute must, even in the face of HIPAA (and if this were my data, I'd be highly concerned about this company...), then I do like having users VPN into an isolated network segment and then connect to a Terminal Server to do their work.

However, not to throw monkeywrenches in, but this solution still does nothing about keyloggers, screenscrapers, or even a full-blown screen capture program running to record all this data. Even just one frame of a doc open can be enough to spoil your HIPAA party depending on the data these users have access to. Really, there's nothing you can do about this other than disallowing their home systems.

You do have to pretend two things:

1) Assume you have the filthiest, most infected, worm-ridden home PC ever connecting to your network.
2) Assume one of these workers will be wanting to sell this data or maliciously gather and use it.

You can take action against 1, but you're not going to be able to audit 2 unless you own the devices they are allowed to use.