RE: Roaming Firewall Solution Information

["G.Crow" <secure.computing () gmail com>]

The VPN client is set up like that when they use it - I'm more concerned
with their use of the computer when not using VPN.

SP2, sadly, breaks something on our laptop images, and I haven't had the
time to fix it yet.  I'm going to be taking care of that in my next =
batch,
actually, but I haven't worked with the built-in firewall too much, =
since I
operate my desktops in a trusted environment.

It would be quite easy to push and maintain something like that out once
they are at SP2, though.  Unfortunately, this doesn't take care of my =
Win2k
laptops, of which there are a few.  Any ideas?

Gabe

> -----Original Message-----
> From: Max Pettersson [mailto:macks53 () msn com]
> Sent: December 10, 2004 3:42 PM
> To: secure.computing () gmail com
> Subject: RE: Roaming Firewall Solution Information
> =20
> Hello!
> =20
> Is it possible to configure the clients to avoid using split-tunnels,
> connecting the computer to both the internet directly and your =
vpn-tunnel.
> By limiting only internet access trought the vpn tunnel you should be =
able
> to control traffic trough your main vpn-concentrator and firewall. =
Then
> simple use the very good builting firewall that ships with SP2. =
That=B4s the
> simplest solution im my opinion.
> =20
> //Max
> =20
> > From: "G.Crow" <secure.computing () gmail com>
> > Reply-To: "G.Crow" <secure.computing () gmail com>
> > To: security-basics () lists securityfocus com
> > Subject: Roaming Firewall Solution Information
> > Date: Thu, 9 Dec 2004 20:16:12 -0500
> >
> > Greetings,
> >
> >
> > I'm seeking a firewall solution that I can deploy on my mobile users
> > laptops.  I've done some research into this, but in my position I've
> > been extremely pressed for time lately, and don't know if I can get
> > the research done in the near future, especially since quotes for the
> > products I'm familiar with are hard to come by for business users.
> > Any experiences, help, or recommendations into this are more than
> > welcome.
> >
> >
> > Basically I'm tired of worrying if my users are going to bring home
> > the next big thing.  I know what I'd pick for myself, but I'm not so
> > sure what is so good for end users - I'm looking for something I can
> > set up a base template of rules for and leave running without forcing
> > my users to make 'hard' choices in the field - and therefore call me.
> > I'm not currently looking at one of the centrally managed firewall
> > solutions, primarily for cost reasons - I'm doing this outside of the
> > central IT budget for a subset of users specific to my facility.  I
> > haven't seen any particular studies on this issue, and testing all =
the
> > various products out there isn't in my immediate time scope.
> >
> >
> > My criteria/situation is as follows:
> >
> >
> > -Environment:  Mixed Win2k SP4/WinXP SP1 laptops.  Varied hardware.
> > ~20-30 or so.
> > -Budget:  $50 a head or so, lower preferable, but variance is =
allowed.
> > -Desired features:  Importable rulesets, local logging, user-friendly
> > (as they *will* end up making it ask about some traffic)
> >  -Compatibility:  Cisco VPN Client, Novell, Internal web apps, i.e.
> > nothing too extreme except for possibly the Cisco client -Timeframe:
> > Trying to get this purchased before 2005
> >
> >  I've looked into ZoneAlarm and Checkpoint Integrity, but Zone Labs =
is
> > elusive in which product they will license to business customers, and
> > at what price, so I'm unsure even of what product to test.  =
Checkpoint
> > seems a little pricey for the simplified solution I'm going for -
> > however unlike ZoneAlarm and Tiny, I haven't played with it to be
> > sure.  My experience with Tiny has been anything but user-friendly, a
> > key concern.  I also haven't used recent versions, so I don't know if
> > it's improved.  Kerio I haven't used, and I'm unsure of other
> > client-based unmanaged firewalls to check out.
> >
> >
> > Thank you for any help you can provide,
> >
> > Gabe
> > secure dot computing at gmail d0t com
> =20
> _________________________________________________________________
> L=E4ttare att hitta dr=F6mresan med MSN Resor http://www.msn.se/resor/