Security Basics mailing list archives

RE: restricting mobile users internet access


From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Thu, 17 Jan 2008 14:38:03 +1000

Pwd restrict access to the BIOS and don't allow to boot from cd?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Chad Loder
Sent: Thursday, January 17, 2008 9:54 AM
To: sarcasmo2005 () gmail com
Cc: security-basics () securityfocus com
Subject: Re: restricting mobile users internet access

On Wed Jan 16/2008 @  9:01:P -0000 asdasd, sarcasmo2005 () gmail com wrote:
I've been asked to seek out if it's possible to implement an internet
policy, which restricts staff using corporate notebooks to accessing the
internet only via corporate internet proxies. 

The mobile users have Cisco IPsec and Sonicwall SSL VPN clients installed
on the notebooks. While it's straightforward to enforce a VPN (or active
directory) policy to enforce mobile users to use the corporate proxies, the
problem I'm facing is when a member of staff is in an airport (or is using
a hotel internet connection) they need to be able to get to the initial
account setup pages (i.e. where the internet provider asks you to login or
pay for time use). This makes the internet restriction policy tricky. The
mobile users in question can often travel to any region in the world.

I guess you could use a product such as 'i-pass' but from what I can see
with i-pass you still have to be able to hit the ISPs account setup page, or
you could have a hotel that doesn't support i-pass. 

If staff can disable the proxy and go straight to the internet, then it's
gone against work to enforce corporate proxy use.

I would be very grateful if anyone has had this issue before and could
share how they approached it. I'm sure I'm not the only person that's had
this question posed to them before??

thanks in advance

I'm reading your question and alarm bells are going off in my head.

What is the risk that you are trying to address here?

Could any possible solution prevent your corporate roadwarriors
from, say, booting a LiveCD on their laptops and accessing the
Internet that way?

