Security Basics mailing list archives
RE: Roaming Firewall Solution Information
From: "G.Crow" <secure.computing () gmail com>
Date: Fri, 10 Dec 2004 20:35:31 -0500
The VPN client is set up like that when they use it - I'm more concerned with their use of the computer when not using VPN. SP2, sadly, breaks something on our laptop images, and I haven't had the time to fix it yet. I'm going to be taking care of that in my next = batch, actually, but I haven't worked with the built-in firewall too much, = since I operate my desktops in a trusted environment. It would be quite easy to push and maintain something like that out once they are at SP2, though. Unfortunately, this doesn't take care of my = Win2k laptops, of which there are a few. Any ideas? Gabe
-----Original Message----- From: Max Pettersson [mailto:macks53 () msn com] Sent: December 10, 2004 3:42 PM To: secure.computing () gmail com Subject: RE: Roaming Firewall Solution Information =20 Hello! =20 Is it possible to configure the clients to avoid using split-tunnels, connecting the computer to both the internet directly and your =
vpn-tunnel.
By limiting only internet access trought the vpn tunnel you should be =
able
to control traffic trough your main vpn-concentrator and firewall. =
Then
simple use the very good builting firewall that ships with SP2. =
That=B4s the
simplest solution im my opinion. =20 //Max =20From: "G.Crow" <secure.computing () gmail com> Reply-To: "G.Crow" <secure.computing () gmail com> To: security-basics () lists securityfocus com Subject: Roaming Firewall Solution Information Date: Thu, 9 Dec 2004 20:16:12 -0500 Greetings, I'm seeking a firewall solution that I can deploy on my mobile users laptops. I've done some research into this, but in my position I've been extremely pressed for time lately, and don't know if I can get the research done in the near future, especially since quotes for the products I'm familiar with are hard to come by for business users. Any experiences, help, or recommendations into this are more than welcome. Basically I'm tired of worrying if my users are going to bring home the next big thing. I know what I'd pick for myself, but I'm not so sure what is so good for end users - I'm looking for something I can set up a base template of rules for and leave running without forcing my users to make 'hard' choices in the field - and therefore call me. I'm not currently looking at one of the centrally managed firewall solutions, primarily for cost reasons - I'm doing this outside of the central IT budget for a subset of users specific to my facility. I haven't seen any particular studies on this issue, and testing all =
the
various products out there isn't in my immediate time scope. My criteria/situation is as follows: -Environment: Mixed Win2k SP4/WinXP SP1 laptops. Varied hardware. ~20-30 or so. -Budget: $50 a head or so, lower preferable, but variance is =
allowed.
-Desired features: Importable rulesets, local logging, user-friendly (as they *will* end up making it ask about some traffic) -Compatibility: Cisco VPN Client, Novell, Internal web apps, i.e. nothing too extreme except for possibly the Cisco client -Timeframe: Trying to get this purchased before 2005 I've looked into ZoneAlarm and Checkpoint Integrity, but Zone Labs =
is
elusive in which product they will license to business customers, and at what price, so I'm unsure even of what product to test. =
Checkpoint
seems a little pricey for the simplified solution I'm going for - however unlike ZoneAlarm and Tiny, I haven't played with it to be sure. My experience with Tiny has been anything but user-friendly, a key concern. I also haven't used recent versions, so I don't know if it's improved. Kerio I haven't used, and I'm unsure of other client-based unmanaged firewalls to check out. Thank you for any help you can provide, Gabe secure dot computing at gmail d0t com=20 _________________________________________________________________ L=E4ttare att hitta dr=F6mresan med MSN Resor http://www.msn.se/resor/
Current thread:
- Roaming Firewall Solution Information G.Crow (Dec 10)
- RE: Roaming Firewall Solution Information Keith Bucknall (Home) (Dec 13)
- Re: Roaming Firewall Solution Information Randy Williams (Dec 13)
- RE: Roaming Firewall Solution Information Keith Bucknall (Home) (Dec 13)
- Re: Roaming Firewall Solution Information GuidoZ (Dec 14)
- Re: Roaming Firewall Solution Information Randy Williams (Dec 13)
- RE: Roaming Firewall Solution Information Keith Bucknall (Home) (Dec 13)
- <Possible follow-ups>
- RE: Roaming Firewall Solution Information G.Crow (Dec 13)
- RE: Roaming Firewall Solution Information Erickson, Tom (Dec 14)
- RE: Roaming Firewall Solution Information G.Crow (Dec 15)
- Re: Roaming Firewall Solution Information Randy Williams (Dec 16)
- RE: Roaming Firewall Solution Information G.Crow (Dec 15)