RE: About MS-Networking security.

From: Cowperthwaite, Eric (eric.cowperthwaite_at_eds.com)
Date: 01/19/04

  • Next message: Cowperthwaite, Eric: "RE: About MS-Networking security." 
    To: Harlan Carvey <keydet89@yahoo.com>, Dennis Dimka <ddimka@Manna.com>, "'Rich Logan'" <Richard.Logan@stokeslaw.com>, focus-ms@securityfocus.com
Date: Mon, 19 Jan 2004 12:17:24 -0600

    Actually, there are solutions that allow you to enforce this that go beyond
    physical security and user awareness.

    Cisco network equipment allows you to require authentication before
    establishing any network layers except the authentication connection (which
    is similar to BOOTP in functionality). This is just about an absolute must
    for wireless networking in general, and really a good idea for laptop users
    as well.

    Cisco, Symantec and others provide tools that assist in enforcing this kind
    of policy.

    Eric Cowperthwaite
    Medi-Cal Information Security Officer
    EDS - Operations Solutions
    3215 Prospect Park Drive
    Rancho Cordova, CA 95630

    CONFIDENTIALITY NOTICE: This email from EDS is for the sole use of the
    intended recipient and may contain confidential and privileged information.
    Any unauthorized review or use, including disclosure or distribution is
    prohibited. If you are not the intended recipient, please contact the
    sender and destroy all copies of the email.

    > -----Original Message-----
    > From: Harlan Carvey [mailto:keydet89@yahoo.com]
    > Sent: Monday, January 19, 2004 7:50 AM
    > To: Dennis Dimka; 'Rich Logan'; focus-ms@securityfocus.com
    > Subject: RE: About MS-Networking security.
    >
    >
    > Physical security and user awareness.
    >
    >
    > --- Dennis Dimka <ddimka@Manna.com> wrote:
    > > How would these Administrators enforce this? What
    > > keeps a user from walking
    > > into the premise, and just plugging into the LAN?
    > >
    > > Just curious.
    > >
    > > Dennis Dimka
    > > Network Engineer
    > > MFS, Inc.
    > > ddimka@manna.com
    > >
    > > Desk: 651-905-7591
    > > Mobile: 612-616-0817
    > > Fax: 651-994-6594
    > >
    > >
    > > -----Original Message-----
    > > From: Rich Logan
    > > [mailto:Richard.Logan@stokeslaw.com]
    > > Sent: Friday, January 16, 2004 11:48 AM
    > > To: focus-ms@securityfocus.com
    > > Subject: RE: About MS-Networking security.
    > >
    > >
    > > What I have seen some do is run the laptops through
    > > a "screening
    > > station" before allowing them back on the net -
    > > there is software
    > > available that will allow you to boot into an a/v
    > > solution that will
    > > scan the hard drive & detect/repair any viruses...
    > >
    > > As stated earlier, education goes a long way in
    > > preventing viruses - but
    > > having a backup plan never hurts!
    > >
    > > Rich Logan
    > > IS Manager
    > > Stokes Lawrence, P.S.
    > > (206) 892-2154
    > >
    > > -----Original Message-----
    > > From: Wronski, Michael C (MED) [mailto:Michael.Wronski@med.ge.com]
    > > Sent: Thursday, January 15, 2004 2:22 PM
    > > To: 'Cyber Chiu`'; focus-ms@securityfocus.com
    > > Subject: RE: About MS-Networking security.
    > >
    > > This is a common problem with no single solution. No
    > > matter what you do,
    > > the mobile user is going to be a high risk entity.
    > > Education of the
    > > user of their ability to cause harm to their own
    > > data and the company
    > > network is a great start. They need to be aware that
    > > their actions can
    > > cause catastrophic results.
    > > After education, the following are the most
    > > important:
    > >
    > > -Install Personal Firewall and AV on all laptops and
    > > make sure you
    > > educate the users on the function of the software.
    > > -Lock down the configuration so it cant be disabled
    > > by the user
    > > -Enable aggressive live updates (daily) and scans
    > > (daily)
    > >
    > > -Patching Automation - Before your user leaves the
    > > network, their
    > > laptops should be patched with the more recent OS
    > > updates.
    > >
    > > -Its best of your laptop users can connect to a
    > > "sandbox" network on
    > > return to the office or if you can separate all
    > > physical connection that
    > > belong to mobile users on a sandbox VLAN. This can
    > > be difficult to
    > > manage depending on your current network design.
    > >
    > > -M
    > >
    > >
    > > -----Original Message-----
    > > From: Cyber Chiu` [mailto:cchiu@hotspur.com.hk]
    > > Sent: Sunday, January 11, 2004 3:26 PM
    > > To: focus-ms@securityfocus.com
    > > Subject: About MS-Networking security.
    > >
    > >
    > >
    > >
    > > Hi all, I have a question about portable computer
    > > security concern.
    > > My company have firewall protection, all desktop are
    > > behind firewall.
    > > However, My saleman need to do their business with a
    > > Laptop. When
    > > they're in office. They will connect their laptop to
    > > our internet.
    > >
    > > I think it's danger because we don't know it's
    > > infected by virus or not.
    > > can anyone suggest me what to do?
    > >
    > >
    > --------------------------------------------------------------
    > ----------
    > > ---
    > >
    > --------------------------------------------------------------
    > ----------
    > > ---
    > >
    > >
    > --------------------------------------------------------------
    > ----------
    > > ---
    > >
    > --------------------------------------------------------------
    > ----------
    > > ---
    > >
    > >
    > >
    > >
    > >
    > --------------------------------------------------------------
    > -------------
    > >
    > --------------------------------------------------------------
    > -------------
    > >
    > >
    > --------------------------------------------------------------
    > -------------
    > >
    > --------------------------------------------------------------
    > -------------
    > >
    >
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > -------------
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Cowperthwaite, Eric: "RE: About MS-Networking security."

    Relevant Pages

    • Re: Software Firewalls are "Snake Oil" !
      ... there is some sensitive data that you may not think is ... >Confidential data, wherever possible, should not be kept on a system ... >securing "the network" since there isn't one to secure. ...
      (comp.security.firewalls)
    • Re: Effectiveness of Forced Password Changing
      ... > physical security lapses similar to what I described above. ... My impression is that mandatory ... to a weak password accessible from the network. ... Force all systems to disable accounts on x number of unsuccessful ...
      (comp.security.misc)
    • Re: Source code security - rogue developers?
      ... least on the isolated network). ... Nothing comes or goes unless it goes through you via the PDC! ... Our network security is solid, ... > physical security, but once you're hired you have full access to the ...
      (comp.security.misc)
    • Re: Source code security - rogue developers?
      ... least on the isolated network). ... Nothing comes or goes unless it goes through you via the PDC! ... Our network security is solid, ... > physical security, but once you're hired you have full access to the ...
      (comp.security.misc)
    • Re: One Users My Documents no longer redirected.
      ... even connect to the network at all because it's a PITA. ... So I would think that a wireless 54 mbps connection would be ... one laptop, and try it for a day or two to see what happens. ... active directory OU as the other users whose redirection works? ...
      (microsoft.public.windows.server.sbs)