Security Basics mailing list archives

RE: Mobile Users and Firewalls - best practices?


From: "Brunner, Mark" <MBrunner () tor fasken com>
Date: Thu, 28 Apr 2005 09:19:17 -0400

Hi Lisa,

Laptops and notebooks are a real problem.  In my opinion, they should be treated as foreign systems as soon as they 
leave the relative safety of your firewall.  They may have a hardware firewall at home, but it probably cost $50, and 
gives them $50 worth of protection.  They may or may not connect to another network at some point, perhaps a client's 
network, or a friend's wireless, who knows?

If the firewall can be turned off, it probably will be at some point.  Not good.  Something will be blocked that they 
just HAVE to see.  They will download something, open or install it, and wham-bam-thank-you-maam, they now have the 
latest and greatest remote access Trojan on the system.  It may not be evident to the user, and of course the next 
morning, they plug into your network, behind the firewall.  The RAT makes an outbound call, so the hardware firewall 
allows it to communicate with the bot-net or remote host.  Ahhh, sweet to have authenticated Domain access, no need to 
hack around for passwords...  Of course, there is always the joy of worms and other malware that may circulate around 
your LAN/WAN, causing general turmoil and confusion.

Any software firewall is better than none.  For corporate use, it should provide:
1) Ingress and Egress monitoring/filtering (NOT SP2's "firewall")
2) A standard rule-set that reduces the need for the user to allow or deny access requests.  (Chances are they will 
ALWAYS say yes!)
3) Constant updates to signature files and standard rules.
4) A central management console to ease administrative burden.

Nice to have are IDS, malware ID, etc.

Just my 2¢

Mark Brunner
Security Manager
Fasken Martineau DuMoulin LLP




-----Original Message-----
From: lmwills () telus net [mailto:lmwills () telus net]
Sent: Wednesday, April 27, 2005 12:55 PM
To: security-basics () securityfocus com
Subject: Mobile Users and Firewalls - best practices?


My company has a hardware firewall.  Most of my users who have laptops have
hardware firewalls at home - but for those who don't I was going to recommend
they use Sygate as their personal software firewall when they are not in the office.

What are your suggestions?  

Does the user activate their software firewall when out of the office and then
drop it when they are behind the hardware firewall?

Are there conflicts between the two firewalls?

Is there a firewall out there that you feel is really great that I might be missing?

Lisa Wills





