Re: [fw-wiz] Worms, Air Gaps and Responsibility

From: Mason Schmitt (sysadmin_at_sunwave.net)
Date: 05/10/04

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Worms, Air Gaps and Responsibility" 
    To: firewall-wizards@honor.icsalabs.com
Date: Mon, 10 May 2004 11:24:42 -0700

    On May 10, 2004 07:46 am, Gwendolynn ferch Elydyr wrote:
    > On Sun, 9 May 2004, Vinicius Moreira Mello wrote:
    > > have being taking is to isolate mobile users in a network (or VLAN)
    > > regardless of their security state. As most of the mobile user's needs
    > > are to read/send e-mail and use the web, they are restricted, with
    > > packet filters, to do just these activities. This minimizes the threat
    > > and is a good solution for many companies and univerisities.
    >
    > Beyond that, I think it's not accurate to presume that most mobile users
    > are satisfied with email and web access. One of the recurring questions
    > that we receive from our mobile users is "How can I access <foo>", where
    > <foo> is typically a document store, or a customer-facing application,
    > like a parts ordering database.
    >
    A recent SANS webcast talked about using true thin client hardware or terminal
    server clients (and equivalents such as citrix, X, etc) for providing remote
    users or risky users access to document stores, and other LAN resources. I
    think that using a thin client as a security tool is a great idea.

    > Granted, you could probably work up a web interface for -everything-, but
    > that's getting into a completely different headache [and it's still a
    > pain to get documents edited...]
    >
    The thin client gets around this headache nicely. 

    -- 
Mason Schmitt
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Devdas Bhagat: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"