Re: [fw-wiz] Worms, Air Gaps and Responsibility

From: Bret Watson (lists_at_ticm.com)
Date: 05/10/04

  • Next message: mlists_at_tdbnetworks.org: "RE: [fw-wiz] Pix to Checkpoint VPN Connectivity" 
    To: firewall-wizards@honor.icsalabs.com
Date: Mon, 10 May 2004 20:41:43 +0800

    Its a standard part of BlackIce - checks for the necessary programs,
    signatures files etc and allows or denies based on this.

    Bret

    At 02:39 AM 9/05/2004 -0300, Vinicius Moreira Mello wrote:
    >Paul Van Noord wrote:
    >>5/7/04 6:12 AM
    >>Hi Jim,
    >>Is it not possible to run a script when a notebook connects to the LAN
    >>to check for the necessary security elements. If they are not there,
    >>either deny use of the LAN or lock the machine and add them before the
    >>user is allowed to use the LAN?
    >
    >Paul,
    >
    >It would be hard to make a reliable vulnerability scanning or threat
    >assessment and integrate it with the core network equipments. An
    >interesting approach that many universities and medium sized business have
    >being taking is to isolate mobile users in a network (or VLAN) regardless
    >of their security state. As most of the mobile user's needs are to
    >read/send e-mail and use the web, they are restricted, with packet
    >filters, to do just these activities. This minimizes the threat and is a
    >good solution for many companies and univerisities. Implementing it is
    >time costly, but a cost that is worth paying in many environments.
    >
    >Regards,
    >vmm.
    >
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: mlists_at_tdbnetworks.org: "RE: [fw-wiz] Pix to Checkpoint VPN Connectivity"