Security Basics mailing list archives

RE: Forcing a vpn connection anytime internet connectivity is detected outside a corporate lan


From: "Ross Goodall" <RGoodall () smith-nixon com>
Date: Mon, 2 Jun 2008 16:06:42 -0400

We use SurfControl (recently bought out by Websense) for Internet
filtering.  There is an optional mobile component which we have
installed on all of our laptops which kicks in when the mobile users are
not connected to the local network.  It's a local install which also
needs a server on the back-end to provide the filtering.  Any HTTP
request from one of our laptops in the field therefore goes through our
mobile internet filter.  When the user is back in the office, the mobile
component 'sleeps' and the normal proxy filtering kicks in.

http://www.websense.com/global/en/ProductsServices/modules/remotefiltering.php


Ross Goodall
Smith Nixon LLP
 
T: 416.361.1622 ext: 313 | F: 416.367.1238 | 1900 - 390 Bay Street |
Toronto, Ontario M5H 2Y2 | www.smith-nixon.com


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Charles Hardin
Sent: Monday, June 02, 2008 2:18 PM
To: security-basics
Subject: Forcing a vpn connection anytime internet connectivity is
detected outside a corporate lan

Hello list,

     Does anyone have a solution for the following issue we seem to be
facing at my place of employment?

We use Barracuda web filters to control web content at all of our sites
and this works pretty well. What we seem to be having is that our laptop
users are breaking the usage policy and porn surfing at night from
hotels and their house, then introducing it to their file shares while
they are in the office. The VPN we use is a Cisco PIX tied to a RADIUS
server. The main site they connect to is on a Metro E, so head-end
bandwidth is not a primary concern but a possible secondary concern.
What we would like to do is force the laptops into a VPN connection any
time the laptop detects the internet and is not on the corporate LAN and
then tunnel their web traffic through our web filters.
We have spare public IPs, so they could in theory ping this to determine
if they are in or out of our network. Any ideas?

Charles Hardin

