Educause Security Discussion mailing list archives
Re: Faculty Laptops
From: James Wilcox <jim () WILCOXS NET>
Date: Tue, 6 May 2003 09:28:40 -0700
Yes, FW rules should be pushed out and updated by the admin, thanks for raising that omission in my reasoning to use something like Check Point SecureClient. Is the stock Mac FW very good? I have heard only bad about the stock Windows one but have never had the guts to try it. jrw -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Amsel, Ellen Sent: Tuesday, May 06, 2003 8:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Faculty Laptops if the laptop is windows-based, you can also consider another product similar to zone alarm's from a company called Sygate (www.sygate.com). it includes a centralized management console from which an administrator can push out the rules to everyone, even the laptop (when it's on the network). the admin is resposnbile for the personal firewall, so the user cannot change the configuration, even at home. additionally, checkpoint or pix can be set up to verify that the personal firewall is up and running before allowing the laptop to reconnect into the network. for Mac machines, os x comes with a personal firewall which can also be configured by the admin to protect the local user from harm. I hope this helps. regards, Ellen -----Original Message----- From: James Wilcox [mailto:jim () WILCOXS NET] Sent: Mon 5/5/2003 3:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU Cc: Subject: Re: [SECURITY] Faculty Laptops First of all, I don't sell firewalls, so my comments reflect no conflict of interest. ZoneAlarm does sell a management system that disallows anyone but the authorized administrator to change a policy (key word here is *sell*). I know more about CheckPoint's SecureClient which has been around for years. SC not only puts management exclusively in the hands of the authorized admin, it also can be set to kill the connection if the user kills the VPN (which is part of the product). Quite elegant and powerful (no, don't even own stock). If you are looking at Linux systems, I have a product. But I won't talk about that because I *would* have a conflict of interest. Regards, James R. Wilcox, CISSP Director of Business Development Cylant PO Box 19777 Portland, OR 97280-9777 503 799-8438 james () cylant com CylantSecure, LinuxWorld Best Security Solution www.cylant.com -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michelle Mueller Sent: Monday, May 05, 2003 2:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Faculty Laptops Some of our faculty have laptops that they take home to do work. We are wondering what to do about the security issues this causes. If the faculty member has broad band and no firewall (the laptops do not have a firewall installed), their laptop could become compromised at home. Then, when they attach their computer to our network, our network is compromised. The logical solution would be to install a firewall but I'm worried that when it asks for permission for an application to access the internet the user will answer wrong. I'm wondering what others are doing to solve this. Thanks, Michelle ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Faculty Laptops Michelle Mueller (May 05)
- <Possible follow-ups>
- Re: Faculty Laptops James Wilcox (May 05)
- Re: Faculty Laptops SANDRA DELK (May 05)
- Re: Faculty Laptops James Wilcox (May 05)
- Re: Faculty Laptops Clyde Hoadley (May 05)
- Re: Faculty Laptops SANDRA DELK (May 05)
- Re: Faculty Laptops Amsel, Ellen (May 06)
- Re: Faculty Laptops James Wilcox (May 06)
- Re: Faculty Laptops Gary Flynn (May 06)
- Re: Faculty Laptops Scott Bradner (May 07)