Security Basics mailing list archives
Re: Client application to control access to untrusted networks?
From: "H. Willstrand" <h.willstrand () gmail com>
Date: Wed, 23 Sep 2009 23:01:25 +0200
On Tue, Sep 22, 2009 at 10:22 PM, <louder () hotmail com> wrote:
Hello,I am just looking to see if anyone can provide any experiences and/or recommendations of software to be installed on clients that is "location aware" and can enforce certain ACL's or network policies. i.e. Symantec, McAfee, Cisco?
Base security should include: * Firewall with a appropriate rule set (e.g. only allowing access to your corporate network before the VPN-connection is ready, all Internet access via the VPN-connection) * Application updates (Adobe, Microsoft, etc.) should only be performed via the VPN-connection * Anti-virus with the latest update * No group / shared credentials to your corporate services * Users should not have administration rights on their PC * Strong passwords combined with additional security mechanism (something you know, something you have) * Activated administration password for BIOS setup * Boot only via harddisk * Encrypted local disk * Logging activated at server side (log-in, application auditing, etc.) ...
My scenario and what I am trying to do is with my users laptops, currently we do not allow them to connect to any public wireless networks. Ofcourse this is something that I am being pressured on allowing. We would like to be able to force a VPN client to load as soon as the mobile device running Windows XP connects to a public "hot spot" and if the VPN connection fails to disconnect the system from that network. It would be an IPSEC VPN from either Cisco or Juniper. Thank you! Brandon L.
My 2ct /HW
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Client application to control access to untrusted networks? louder (Sep 23)
- Re: Client application to control access to untrusted networks? Fabien Vincent (Sep 28)
- Re: Client application to control access to untrusted networks? H. Willstrand (Sep 28)
- Re: Client application to control access to untrusted networks? Gleb Paharenko (Sep 28)