RE: Home laptops on a corporate network



Where would there be data leakage with TS and proper firewalls and policies to prevent sharing of client hard drives?

Adam

-----Original Message-----
From: "Kurt Buff" <kurt.buff@xxxxxxxxx>
Sent: Tuesday, May 08, 2007 3:03 PM
To: "Adam Rosen" <ajrosen@xxxxxxxxxxxx>
Cc: "security-basics@xxxxxxxxxxxxxxxxx" <security-basics@xxxxxxxxxxxxxxxxx>
Subject: Re: Home laptops on a corporate network

Uh, not really. Well, not unless you do something like this:

a) Laptops in firewalled subnet, only allowed access to Internet, no
VPN to production subnets.

b) TS machine in separate subnet, not exposed to world. Port 3389 (and
ONLY port 3389) exposed to laptops in firewalled subnet. TS machine
otherwise has access to resources on production subnet(s).

Even then I'd cringe, because data leakage is still an issue.



On 5/8/07, Adam Rosen <ajrosen@xxxxxxxxxxxx> wrote:
Somehow I forgot to add Terminal Services to the list of options, but I think the cost on that would be prohibitive. However, it does solve the problems.

Adam

-----Original Message-----
From: "Kurt Buff" <kurt.buff@xxxxxxxxx>
Sent: Tuesday, May 08, 2007 12:57 PM
To: "Adam Rosen" <ajrosen@xxxxxxxxxxxx>
Cc: "security-basics@xxxxxxxxxxxxxxxxx" <security-basics@xxxxxxxxxxxxxxxxx>
Subject: Re: Home laptops on a corporate network

They're bound by HIPAA, and still want this? The approach that you
haven't thought of is to talk with their corporate counsel, and ask
him to read HIPAA, and advise your clients about liability.

Tell them to put down the crack pipe and step away. This is completely
against the intent and letter of HIPAA.

Insanity.

The company where I work now doesn't need HIPAA compliance, and it's
strictly against company policy to connect personal devices to the
corporate network.

Just for fun, I'll mention 3 OSS NAC packages, but I still don't think
it's a good idea.

http://ungoliant.sf.net

http://netreg.sf.net

http://freenac.net

Kurt

On 5/8/07, Adam Rosen <ajrosen@xxxxxxxxxxxx> wrote:
> Hi all -
>
> I have a client who wants to allow employees to use their own laptops on
> the corp. wireless network so that they can access files on the server.
> I gave them a run-down of options (allow usual file sharing [bad idea],
> MS VPN quarantine [complex scripting], SharePoint services [not bad, but
> no printer access] and third party quarantine options).
>
> Aside from any other ideas someone may have, it seems to me that the
> third party compliance software/appliance, while probably being the most
> versatile, is pretty costly. I found a couple starting at about $20K.
> Does anybody know of any devices that are significantly cheaper and can
> allow my client to do what they want? I should mention that they are
> bound by HIPAA regulations here. Or any approaches I haven't thought of?
>
> Thanks for the input.
>
> Adam
>
> Adam J. Rosen
> President
> Buffalo Data Solutions
> 716-913-6312
> ajrosen@xxxxxxxxxxxx
> http://www.buffdata.com
>
>
>
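
An added example, not part of the original thread: a first-match ruleset checker for the segmentation Kurt describes in points a) and b). The subnets, probe hosts and both rulesets are constructed for illustration, and the audit probes one representative host per zone.

```python
import ipaddress

# Constructed subnets and probe hosts (assumptions, not from the thread).
L, T, P, ANY = "10.10.50.0/24", "10.10.60.0/24", "10.10.10.0/24", "0.0.0.0/0"
HOSTS = {"laptops": "10.10.50.20", "ts": "10.10.60.5",
         "production": "10.10.10.8", "internet": "198.51.100.10"}

# Rules are (action, src, dst, proto, port); port None means any port.
GOOD = [("allow", L, T, "tcp", 3389),    # b) RDP, and only RDP, to the TS box
        ("deny", L, T, "any", None),
        ("deny", L, P, "any", None),     # a) no path to production
        ("allow", L, ANY, "any", None),  # a) Internet only
        ("allow", T, P, "any", None)]    # b) TS reaches production
LOOSE = [("allow", L, T, "any", None),   # every port on the TS box
         ("allow", L, ANY, "any", None), # "Internet" rule also covers production
         ("allow", T, P, "any", None)]

def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in rules:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rproto in ("any", proto) and rport in (None, port)):
            return action
    return "deny"

def audit(rules):
    """List the ways a ruleset departs from points a) and b)."""
    named = {r[4] for r in rules if r[4] is not None} | {3389}
    other = next(p for p in range(1, 65536) if p not in named)  # stands for all unnamed ports
    findings = []
    def expect(want, src, dst, proto, port):
        if decide(rules, HOSTS[src], HOSTS[dst], proto, port) != want:
            findings.append(f"{src}->{dst} {proto}/{port} should be {want}")
    expect("allow", "laptops", "ts", "tcp", 3389)
    expect("allow", "laptops", "internet", "tcp", 443)
    expect("allow", "ts", "production", "tcp", 445)
    expect("deny", "internet", "ts", "tcp", 3389)   # TS not exposed to the world
    for port in sorted(named | {other}):
        for proto in ("tcp", "udp"):
            expect("deny", "laptops", "production", proto, port)
            if (proto, port) != ("tcp", 3389):
                expect("deny", "laptops", "ts", proto, port)
    return findings

if __name__ == "__main__":
    print("GOOD:", audit(GOOD), "LOOSE:", *audit(LOOSE), sep="\n")
```

A clean audit covers network reachability only; what can leave through the RDP session itself, such as the client drive sharing Adam mentions, is governed by Terminal Services policy rather than the firewall.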



