Re: "Porn-surfing hits taxpayer IDs"

["Pace, Guy" <gpace () CIS CTC EDU>]

If you have "teleworkers" or remote workers, using an SSL-based VPN
product (Aventail, F5, etc) could provide you with the necessary
quarrantine, system checking and other tools needed to keep a junked
machine from coming into your network and spreading its contamination.
We set in writing what is expected of the systems with remote access
(since we are a data center, we are very strict--YMMV). If PestPatrol is
a product in your mix and your license can extend to your telecommuters,
you can require that their installation be current and updated and
reporting no problems before the SSL VPN would grant access. This
criteria could be set for OS patches and updates, AV and anti-spyware
products, whatever. 


Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724

gpace () cis ctc edu

-----Original Message-----
From: Jere Retzer [mailto:retzerj () OHSU EDU] 
Sent: Wednesday, June 14, 2006 1:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] "Porn-surfing hits taxpayer IDs"

All great ideas, thanks. What about cases where the data is accessed
from machines outside your control -  for example teleworkers or outside
agencies? We can mitigate the latter to some degree with business
partnership agreements although I'm not sure that's good enough all by
itself