Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: "Claussen, Ken" <Ken () kccweb com>
Date: Wed, 12 May 2004 11:51:16 -0400
Is this really so hard to setup Thin Client access for mobile users? If your existing links are not "Sturdy" enough to handle some additional Thin Client traffic you have bigger problems. In most cases this will reduce the overall WAN/Internet traffic as opposed to Fat Clients (Full Desktops). We use the same Internet connection for access to our Citrix servers as we do for general Internet Access. Since most of the access happens after hours, it balances itself pretty well. In addition the Citrix client uses minimal bandwidth when used with applications which are not graphics intensive. This solution works very well for our Roaming Laptops. They are put in a DMZ and then access all Corporate apps through Citrix. The only open port to the inside for these folks is Citrix. They do not have rights to the servers drives so transfer of Viruses is difficult if not impossible. In addition the same servers used for the DMZ folks are also used for External users, we did not need to provision extra servers to make this work. The DMZ also has access to Windows Update (across the Internet) and our AV Vendors update site. We also use Windows IPSec Policy to block access to most ports (135,137,139,445,1026,etc) for Inbound traffic and certain high Risk (25,81,IRC,135,137,139,445,1026,etc) ports for Outbound traffic. This works well since these laptops are not part of the domain and don't need these ports open, plus it is free (with Windows). This also keeps them from transmitting an infection to internal systems via Netbios/SMB if they accidentally connect to the Internal Network. They know they are not supposed to, but it still happens. Ken -----Original Message----- From: Gwendolynn ferch Elydyr [mailto:gwen () reptiles org] Sent: Monday, May 10, 2004 3:48 PM To: Mason Schmitt Cc: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Worms, Air Gaps and Responsibility <Snip> ... <Snip/>
The thin client gets around this headache nicely.
... and gets you back into a different set of headaches - provisioning servers and links that are sturdy enough to handle a pile of remote connections. cheers! ======================================================================== == "A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Worms, Air Gaps and Responsibility, (continued)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- RE: Worms, Air Gaps and Responsibility R. DuFresne (May 07)
- RE: Worms, Air Gaps and Responsibility R. DuFresne (May 07)
- RE: Worms, Air Gaps and Responsibility Melson, Paul (May 07)
- Re: Worms, Air Gaps and Responsibility Adam Shostack (May 07)
- Message not available
- RE: Worms, Air Gaps and Responsibility Marcus J. Ranum (May 07)
- Re[2]: Worms, Air Gaps and Responsibility Jean-Denis Gorin (May 07)
- RE: Worms, Air Gaps and Responsibility Mike McNutt (May 10)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- RE: Worms, Air Gaps and Responsibility Victor Williams (May 11)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- RE: Worms, Air Gaps and Responsibility Claussen, Ken (May 12)
- RE: Worms, Air Gaps and Responsibility Claussen, Ken (May 12)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 12)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 13)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 13)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 17)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)
- RE: Worms, Air Gaps and Responsibility Frank Knobbe (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- Re: Worms, Air Gaps and Responsibility Adam Shostack (May 18)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 13)