Security Basics mailing list archives
Re: Client End Point Scan
From: Shane Anglin <shane.anglin () gmail com>
Date: Thu, 3 Nov 2011 11:58:49 -0400
Juniper SSL VPN has the host checker and endpoint security components. But the users must have admin access to their boxes to accept the Juniper packages. Note that when you do BYOC, you will run into issues, such as with iTunes mdnsreponder.exe dropping VPN connections (unless you remediate that through Juniper by killing the service first)... And VPN issues may pop up for situations where the user has another VPN thick client, profile issues with Network Connect, etc... Lots of things can drop the connection on foreign devices. Anything touching or changing a route will break VPN connections. Also, consider why your policy states about liabilities for when you clean infected files on the client machine that were not in any way related your business... For instance, if the person has data on there that they work on for another company... It happens although that is bad practice. And consider the HelpDesk dept that ends up having to troubleshoot all those different machines. Are they OK to install EA Microsoft apps on non-corporate machines... Or other such vendor issues. If this is a PCI environment, consult a PCI QSA as you will find the BYOC situation can cause compliance issues. Good luck! Regards, Shane Anglin On Nov 3, 2011, at 1:52 PM, infosec () ampsecurity com wrote:
We have a group that is looking to adopt a bring your own computer (byoc) program, the client obviously has concerns on how they could enforce their minimum requirements (i.e. AV/Firewall protection, full patched system, OS, Memory/CPU if possible, etc.). Their co-workers would connect over an SSL VPN and it sounds like an Endpoint Analysis solution is what they need. Could anyone offer any suggestions on a solution? Also, if an employee attempts to connect and does not meet the minimum requirements the client would like to return prompt on why the system is restricted from connecting. Thanks! ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Client End Point Scan infosec (Nov 03)
- Re: Client End Point Scan Shane Anglin (Nov 03)
- Re: Client End Point Scan Jeffrey Walton (Nov 03)
- RE: Client End Point Scan William Baltas (Nov 03)
- Re: Client End Point Scan lists . job (Nov 03)
- RE: Client End Point Scan William Baltas (Nov 03)