Re: Home laptops on a corporate network

["Kurt Buff" <kurt.buff () gmail com>]

Uh, not really. Well, not unless you do something like this:

a) Laptops in firewalled subnet, only allowed access to Internet, no
VPN to production subnets.

b) TS machine in separate subnet, not exposed to world. Port 3389 (and
ONLY port 3389) exposed to laptops in firewalled subnet. TS machine
otherwise has access to resources on production subnet(s).

Even then I'd cringe, because data leakage is still an issue.



On 5/8/07, Adam Rosen <ajrosen () buffdata com> wrote:
> Somehow I forgot to add Terminal Services to the list of options, but I think the cost on that would be prohibitive. 
> However, it does solve the problems.
>
> Adam
>
> -----Original Message-----
> From:   "Kurt Buff" <kurt.buff () gmail com>
> Sent:   Tuesday, May 08, 2007 12:57 PM
> To:     "Adam Rosen" <ajrosen () buffdata com>
> Cc:     "security-basics () securityfocus com" <security-basics () securityfocus com>
> Subject:        Re: Home laptops on a corporate network
>
> They're bound by HIPAA, and still want this? The approach that you
> haven't thought of is to talk with their corporate counsel, and ask
> him to read HIPAA, and advise your clients about liability.
>
> Tell them to put down the crack pipe and step away. This is completely
> against the intent and letter of HIPAA.
>
> Insanity.
>
> The company where I work now doesn't need HIPAA compliance, and it's
> strictly against company policy to connect personal devices to the
> corporate network.
>
> Just for fun, I'll mention 3 OSS NAC packages, but I still don't think
> it's a good idea.
>
> http://ungoliant.sf.net
>
> http://netreg.sf.net
>
> http://freenac.net
>
> Kurt
>
> On 5/8/07, Adam Rosen <ajrosen () buffdata com> wrote:
> > Hi all -
> >
> > I have a client who wants to allow employees to use their own laptops on
> > the corp. wireless network so that they can access files on the server.
> > I gave them a run-down of options (allow usual file sharing [bad idea],
> > MS VPN quarantine [complex scripting], SharePoint services [not bad, but
> > no printer access] and third party quarantine options).
> >
> > Aside from any other ideas someone may have, it seems to me that the
> > third party compliance software/appliance, while probably being the most
> > versatile is pretty costly. I found a couple starting at about $20K.
> > Does anybody know of any devices that are significantly cheaper and can
> > allow my client to do what they want? I should mention that they are
> > bound by HIPAA regulations here. Or any approaches I haven't thought of?
> >
> > Thanks for the input.
> >
> > Adam
> >
> > Adam J. Rosen
> > President
> > Buffalo Data Solutions
> > 716-913-6312
> > ajrosen () buffdata com
> > http://www.buffdata.com
> >
> >
> >