RE: Mobile Users and Firewalls - best practices?
From: Brunner, Mark (MBrunner_at_tor.fasken.com)
Date: 04/28/05
- Previous message: TOSE: "Re: block MSN Messenger"
- Maybe in reply to: lmwills_at_telus.net: "Mobile Users and Firewalls - best practices?"
- Next in thread: Byron L. Sonne: "Re: Mobile Users and Firewalls - best practices?"
Date: Thu, 28 Apr 2005 09:19:17 -0400
To: <lmwills@telus.net>, <security-basics@securityfocus.com>
Hi Lisa,
Laptops and notebooks are a real problem. In my opinion, they should be treated as foreign systems as soon as they leave the relative safety of your firewall. They may have a hardware firewall at home, but it probably cost $50, and gives them $50 worth of protection. They may or may not connect to another network at some point, perhaps a client's network, or a friend's wireless, who knows?
If the firewall can be turned off, it probably will be at some point. Not good. Something will be blocked that they just HAVE to see. They will download something, open or install it, and wham-bam-thank-you-ma'am, they now have the latest and greatest remote access Trojan on the system. It may not be evident to the user, and of course the next morning, they plug into your network, behind the firewall. The RAT makes an outbound call, so the hardware firewall allows it to communicate with the bot-net or remote host. Ahhh, sweet to have authenticated Domain access, no need to hack around for passwords... Of course, there is always the joy of worms and other malware that may circulate around your LAN/WAN, causing general turmoil and confusion.
Any software firewall is better than none. For corporate use, it should provide:
1) Ingress and Egress monitoring/filtering (NOT SP2's "firewall")
2) A standard rule-set that reduces the need for the user to allow or deny access requests. (Chances are they will ALWAYS say yes!)
3) Constant updates to signature files and standard rules.
4) A central management console to ease administrative burden.
Nice to have are IDS, malware ID, etc.
Just my 2¢
Mark Brunner
Security Manager
Fasken Martineau DuMoulin LLP
This communication is solicitor/client privileged and contains confidential information intended only for the person(s) to whom it is addressed. Any unauthorized disclosure, copying, other distribution of this communication or taking any action on its contents is strictly prohibited. If you have received this message in error, please notify us immediately and delete this message without reading, copying or forwarding it to anyone.
-----Original Message-----
From: lmwills@telus.net [mailto:lmwills@telus.net]
Sent: Wednesday, April 27, 2005 12:55 PM
To: security-basics@securityfocus.com
Subject: Mobile Users and Firewalls - best practices?
My company has a hardware firewall. Most of my users who have laptops have
hardware firewalls at home - but for those who don't I was going to recommend
they use Sygate as their personal software firewall when they are not in the office.
What are your suggestions?
Does the user activate their software firewall when out of the office and then
drop it when they are behind the hardware firewall?
Are there conflicts between the two firewalls?
Is there a firewall out there that you feel is really great that I might be missing?
Lisa Wills