Security Basics mailing list archives

Re: restricting mobile users internet access


From: "a42n8k9 dejazzd.com" <a42n8k9 () dejazzd com>
Date: Thu, 17 Jan 2008 11:02:44 -0500

You could accomplish this with something like Symantec Client Firewall (not pitching, just what we use) and configure 
its settings to only allow the traffic/sites that you authorize.  Typically, laptops get configured to allow generous 
access when they're on-site at the LAN and take a "shields up" stance when they're not connected to the local network.

The rub in restricting mobile users to only be able to SSL, IPSEC, whatever back to the main office when they're 
remote... relies on the home office being online.  e.g. If the home office is offline then the road-warrior is S.O.L.  

You may be better off trying to restrict the types of traffic (e.g. blocking certain file types, sites, etc.) when not 
connected to the LAN... sort of a more restrictive set of rules, but not so tight that it impacts the ability to make $$.


On 16 Jan 2008 21:52:08 -0000, sarcasmo2005 () gmail com
<sarcasmo2005 () gmail com> wrote:
I've been asked to seek out if it's possible to implement an 
internet policy, which restricts staff using corporate notebooks 
to accessing the internet only via corporate internet proxies.


The mobile users have Cisco IPsec and Sonicwall SSL VPN 
clients installed on the notebooks. While it's straightforward to 
enforce a VPN (or active directory) policy to enforce mobile 
users to use the corporate proxies, the problem I'm facing 
is when a member of staff is in an airport (or is 
using a hotel internet connection) they need to be able to get 
to the initial account setup pages (i.e. where the internet 
provider asks you to login or pay for time use). This makes the 
internet restriction policy tricky. The mobile users in question 
can often travel to any region in the world.


I guess you could use a product such as 'i-pass' but from what 
I can see with i-pass you still have to be able to hit the ISPs 
account setup page, or you could have a hotel that doesn't 
support i-pass.


If staff can disable the proxy and go straight to the 
internet, then it's gone against work to enforce corporate proxy use.


I would be very grateful if anyone has had this issue before 
and could share how they approached it. I'm sure I'm not the 
only person that's had this question posed to them before ??


thanks in advance

PD


