Security Basics mailing list archives
RE: Tele-Commuting Risks
From: Andrew Johns <Andrew.Johns () haley com>
Date: Tue, 6 Jan 2009 13:16:13 +1100
To allow more fine grained control over the RDP connection, including policy enforcement (eg:completely ban disk/printer/clipboard access *irrespective* of server/client config), have a look at Zorp application gateway from Balabit IT (and no, I do not work for them ;) Very impressive stuff. Includes screen scraping which allows for regex searches of commands entered by remote users from logs - handy for compliance/monitoring reasons (Note: I haven't used this particular feature myself). -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of HITESH PATEL Sent: Saturday, 3 January 2009 4:41 AM To: John; security-basics () securityfocus com Subject: Re: Tele-Commuting Risks It really depends how you allow your remote employees to access your network. If you allow remote employees to connect their personal systems (via VPN) then risk is much higher and could be unmanagable. It also depends how that VPN is configured/implemented. Employees personal systems might be infected and hence it becomes threat to your company when connected to your network. If you allow your remote employees to connect the VM hosted on your network (via RDP) then you will have full control on the system, and risk can be controlled/managable. It also depends how that RDP connection is configured -HP ----- Original Message ---- From: John <tornado579 () gmail com> To: security-basics () securityfocus com Sent: Friday, January 2, 2009 2:26:01 AM Subject: Tele-Commuting Risks Hi All, Our company is planning to introduce Tele Commuting facilities for all the employees. Some of the employees work on sensitive information like SSN, Credit Cards etc. Our company also regularly undergoes ISO 27001 and SAS 70 audits. I have the following questions: Risks Involved in Tele Commuting? How to prevent information leakage while telecommuting especially when it comes to PII? Audit and Compliance issues related to Tele Commuting? If you have any good web resources or suggestions it will be helpful. Thanks in advance.
Current thread:
- Tele-Commuting Risks John (Jan 02)
- Re: Tele-Commuting Risks HITESH PATEL (Jan 05)
- RE: Tele-Commuting Risks Andrew Johns (Jan 05)
- Re: Tele-Commuting Risks J. Oquendo (Jan 05)
- Re: Tele-Commuting Risks aditya mukadam (Jan 05)
- Re: Tele-Commuting Risks Charles Hardin (Jan 06)
- <Possible follow-ups>
- Re: Tele-Commuting Risks donald . riggins (Jan 05)
- Re: Tele-Commuting Risks rohnskii (Jan 05)
- Re: Tele-Commuting Risks rohnskii (Jan 05)
- Re: Tele-Commuting Risks rohnskii (Jan 06)
- Re: Tele-Commuting Risks HITESH PATEL (Jan 05)