monitoring remote access

[Yar Magma <yar_magma () yahoo com>]

Daniel,

One way to handle this is to use a VPN from the user's
desktop that does not allow a "bypass" mode of
operation.  In this way, after the user connects to
the ISP, then connects to the company (via the
Internet), the user is subject to all network
monitoring he / she would be if on the local network.

Now the only problem is how to ensure that the end
user connects only to the company network with VPN
after dialing the ISP.  I believe that you could set
up a WindowsNT workstation to force a user to do this,
but I am not sure how you would do this.

Yar Magma
> -----Original Message-----
> From: Daniel Djundjek
[mailto:daniel.djundjek () wickhill co uk]
> Sent: Tuesday, November 09, 1999 1:52 AM
> To: firewall-wizards () nfr net
> Subject: monitoring remote access
>
>
> Dear all,
>
> A strange request was put to me....
>
> A company is setting up a number of dial up accounts
via an 
> isp for their employees able to work at home.  Now
since they are
dialing 
> in via an isp and not directly in to the main
office, the company
would 
> like to monitor the employees activity to ensure
they are not doing
anything 
> unsavoury(porn, hacking, abusing company
privelidges).
> Does anyone know of any 3rd party tools which can
send alerts 
> to a central location for users on a dial up
account.  The dynamic ip

> allocation would be a problem but is there anything
which can cope
with
this type 
> of request??



__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com