RE: Home laptops on a corporate network



Totally agree, not recommended.

Earlier we had some posts about patch management, and from what I
gathered, you could get some control by using PatchLink. Although, that
does not protect you 100%, you could place the VPN users on their own
VLAN where you can restrict the amount of access to internal
servers/services.

I've seen a different "solution" (not sure how much of a solution that
is) where the firewall is a high end Sonicwall, like the 4060 etc, and
the VPN clients were terminated to their own LAN segment. Then the
Sonicwall would use its Security Services (Content filter, gateway AV,
Client AV enforcement, anti-spyware, intrusion prevention) to filter
traffic between the VPN users and the rest of the network.

Also I'm not too familiar with the restrictions of HIPAA and SOX, so the
above might not even be "allowed" according to HIPAA/SOX.

I think this is a very common scenario, so any feedback (NOT FLAMING) is
appreciated.

-Petter

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of christopherkelley@xxxxxxxxxxx
Sent: Tuesday, May 08, 2007 10:12 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Home laptops on a corporate network

I'd recommend NOT doing this. Especially if you are trying to comply with
HIPAA. Keep in mind that you will have little to no management
capability over these personal laptops, which means you have no ability
to verify patch level and AV update on these machines that may have EPHI
on them. Not to mention the fact that these employees are probably
taking them home and plugging them into their home networks, where they
(or their kids) are running bearshare, gnutella, grokster, bittorrent,
and surfing to unfiltered web sites. Not only does this mean that they
are potentially exposing critical data in this manner, it also means
they are bringing potentially infested computers into the soft chewy
center of your network.


Whenever you have an employee with a laptop, you create a liability to
your network; allowing them to use personal laptops presents an even
bigger liability. IMHO, this level of risk is unacceptable, especially
from a HIPAA compliance standpoint.


