RE: Home laptops on a corporate network



I take it assigning the users who need to work from home company owned/managed laptops, and then providing VPN access to these laptops, is just not an option?

Setting up -somewhat- secure access to the corporate network from a staffers home computer just seems like too much trouble and too much risk for what you gain...it'd just be easier to buy/image/issue laptops.

On Fri, 11 May 2007, krymson@xxxxxxxxx wrote:

If this scenario is an absolute must, even in the face of HIPAA (and if this were my data, I'd be highly concerned about this company...), then I do like having users VPN into an isolated network segment and then connect to a Terminal Server to do their work.

However, not to throw monkeywrenches in, but this solution still does nothing about keyloggers, screenscrapers, or even a full-blown screen capture program running to record all this data. Even just one frame of a doc open can be enough to spoil your HIPAA party depending on the data these users have access to. Really, there's nothing you can do about this other than disallowing their home systems.

You do have to pretend two things:
1) Assume you have the filthiest, most infected, worm-ridden home PC ever connecting to your network.
2) Assume one of these workers will be wanting to sell this data or maliciously gather and use it.

You can take action against 1, but you're not going to be able to audit 2 unless you own the devices they are allowed to use.