Re: Looking for some ideas on VPN and Dial Up Users and Virus protect ion.

c_brauckmiller_at_LEK.COM
Date: 09/29/03

  • Next message: Ben Huntley: "RE: Student-Degree valuable or not?" 
    To: Frans Meijer <listjunky@fenke.xs4all.nl>
Date: Mon, 29 Sep 2003 12:04:45 -0400

    We looked into this.

    The only real solution we found was Integrity Desktop and Policy Server from
    ZoneLabs.

    It completely integrates with the Cisco VPN 3000 gear and can require specific
    versions and DAT levels on the AV sofware as well as enforcing firewall
    policies.

    If they fail any part of the check, they can be redirected to a website so that
    they can download the latest DAT files, etc. Once they pass the tests, then and
    only then will they be allowed to connect to the network via the VPN.

    Isn't cheap. Its between $55 and $65 per user plus hardware to run the server
    side software.

    Good luck.

    Craig

    Frans Meijer <listjunky@fenke.xs4all.nl> on 09/27/2003 02:16:14 PM

    To: "Sutton, David" <David.Sutton@ps.net>
    cc: security-basics@securityfocus.com (bcc: Craig Brauckmiller/LEK)

    Subject: Re: Looking for some ideas on VPN and Dial Up Users and Virus protect
          ion.

    On Fri, 26 Sep 2003, Sutton, David wrote:

    > Is there a server that you can put in that VPN and Dial up users would have
    > to access 1st, like a proxy, that would check their system and if something
    > was found would close out the connection right away?

    A system (the vpn-client) that would allow such an invesigation would
    not be very secure, would it?

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Ben Huntley: "RE: Student-Degree valuable or not?"