Security Basics mailing list archives

RE: Tele-Commuting Risks


From: Andrew Johns <Andrew.Johns () haley com>
Date: Tue, 6 Jan 2009 13:16:13 +1100

To allow more fine-grained control over the RDP connection, including policy enforcement (e.g. completely ban 
disk/printer/clipboard access *irrespective* of server/client config), have a look at Zorp application gateway from 
Balabit IT (and no, I do not work for them ;)

Very impressive stuff.  Includes screen scraping which allows for regex searches of commands entered by remote users 
from logs - handy for compliance/monitoring reasons (Note: I haven't used this particular feature myself).


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of HITESH PATEL
Sent: Saturday, 3 January 2009 4:41 AM
To: John; security-basics () securityfocus com
Subject: Re: Tele-Commuting Risks

It really depends how you allow your remote employees to access your network.

If you allow remote employees to connect their personal systems (via VPN) then the risk is much higher and could be 
unmanageable. It also depends on how that VPN is configured/implemented. Employees' personal systems might be infected and 
hence become a threat to your company when connected to your network.

If you allow your remote employees to connect to the VM hosted on your network (via RDP) then you will have full control 
of the system, and the risk can be controlled/manageable. It also depends on how that RDP connection is configured.

-HP



----- Original Message ----
From: John <tornado579 () gmail com>
To: security-basics () securityfocus com
Sent: Friday, January 2, 2009 2:26:01 AM
Subject: Tele-Commuting Risks

Hi All,



Our company is planning to introduce Tele Commuting facilities for all the
employees. Some of the employees work on sensitive information like SSN,
Credit Cards etc. 

Our company also regularly undergoes ISO 27001 and SAS 70 audits.



I have the following questions:



Risks Involved in Tele Commuting? 


How to prevent information leakage while telecommuting especially when it
comes to PII? 


Audit and Compliance issues related to Tele Commuting? 




If you have any good web resources or suggestions it will be helpful. 



Thanks in advance. 

