Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Vinicius Moreira Mello <vinicius () lineone net>
Date: Sun, 09 May 2004 02:39:01 -0300

Paul Van Noord wrote:
5/7/04  6:12 AM

Hi Jim,

Is it not possible to run a script when a notebook connects to the LAN
to check for the necessary security elements? If they are not there,
either deny use of the LAN or lock the machine and add them before the
user is allowed to use the LAN?

Paul,

It would be hard to make a reliable vulnerability scan or threat assessment and integrate it with the core network equipment. An interesting approach that many universities and medium-sized businesses have been taking is to isolate mobile users in a network (or VLAN) regardless of their security state. As most of the mobile users' needs are to read/send e-mail and use the web, they are restricted, with packet filters, to do just these activities. This minimizes the threat and is a good solution for many companies and universities. Implementing it is costly in time, but a cost that is worth paying in many environments.

Regards,
vmm.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

