Security Basics mailing list archives
Re: Roaming Firewall Solution Information
From: GuidoZ <uberguidoz () gmail com>
Date: Tue, 14 Dec 2004 03:41:54 -0500
Randy, that's awesome that you've found a solution that will work for you. However, don't be too confident in this statement:
While the Integrity product does require a master server that the clients routinely connect to, it allows for seamless non-intrusive security on the OS. The Integrity client runs as a process that they user (no matter their account privilege level) cannot adjust. So there is no chance that they will compromise themselves.
Take a peek at some freeware tools from DiamondCD here: - Advanced Process Termination (http://www.diamondcs.com.au/index.php?page=apt) - Advanced Process Manipulation (http://www.diamondcs.com.au/index.php?page=apm) Their program "ProcessGuard" (http://www.diamondcs.com.au/processguard/) might be a good addition to these systems. You can get 50 licenses for under $300. If nothing else, try to kill the process with the freeware tools above. If you are able to, then ProcessGuard may be worth a look. =) P.S. I'm in no way affiliated with DiamondCS or ProcessGuard. Just had expereince with their tools and recommend their software. -- Peace. ~G On Mon, 13 Dec 2004 22:18:03 -0000, Keith Bucknall (Home) <keith.bucknall () zen co uk> wrote:
Randy Many thanks for the information, we are on a very tight budget and my boss is very much Anti Cisco - it is a long story. So anything else I can look at would be great the only problem we have is 500 users.. So this option may be a little expensive. Thanks keith -----Original Message----- From: Randy Williams [mailto:randyw () techsource com] Sent: 13 December 2004 17:59 To: Keith Bucknall (Home) Cc: security-basics () lists securityfocus com Subject: Re: Roaming Firewall Solution Information Greetings Keith, We have a current project, awaiting funding, that would do almost exactly what you are looking to do with the ZoneAlarm Integrity client/sever product. While the Integrity product does require a master server that the clients routinely connect to, it allows for seamless non-intrusive security on the OS. The Integrity client runs as a process that they user (no matter their account privilege level) cannot adjust. So there is no chance that they will compromise themselves. The pricing we got for a 50 user rollout was about $3,700 with the 2-year maintenance package. They were charging about $65.00/seat for both the client and the server. This may be a bit outside your budget, but our review found that it was the best solution for us. Being a small company it will be a real win for us. RandyW Keith Bucknall (Home) wrote:Hi there I am looking into the Cisco CSA agent software, take a look atwww.cisco.comfor more detials ------------------------------------------------------------------------------------------------------------------------------------------------------ Many thanks..... Mr Keith Bucknall -----Original Message----- From: G.Crow [mailto:secure.computing () gmail com] Sent: 10 December 2004 01:16 To: security-basics () lists securityfocus com Subject: Roaming Firewall Solution Information Greetings, I'm seeking a firewall solution that I can deploy on my mobile users laptops. I've done some research into this, but in my position I've been extremely pressed for time lately, and don't know if I can get the research done in the near future, especially since quotes for the products I'm familiar with are hard to come by for business users. Any experiences, help, or recommendations into this are more than welcome. Basically I'm tired of worrying if my users are going to bring home the next big thing. I know what I'd pick for myself, but I'm not so sure what is so good for end users - I'm looking for something I can set up a base template of rules for and leave running without forcing my users to make 'hard' choices in the field - and therefore call me. I'm not currently looking at one of the centrally managed firewall solutions, primarily for cost reasons - I'm doing this outside of the central IT budget for a subset of users specific to my facility. I haven't seen any particular studies on this issue, and testing all the various products out there isn't in my immediate time scope. My criteria/situation is as follows: -Environment: Mixed Win2k SP4/WinXP SP1 laptops. Varied hardware. ~20-30 or so. -Budget: $50 a head or so, lower preferable, but variance is allowed. -Desired features: Importable rulesets, local logging, user-friendly (as they *will* end up making it ask about some traffic) -Compatibility: Cisco VPN Client, Novell, Internal web apps, i.e. nothing too extreme except for possibly the Cisco client -Timeframe: Trying to get this purchased before 2005 I've looked into ZoneAlarm and Checkpoint Integrity, but Zone Labs is elusive in which product they will license to business customers, and at what price, so I'm unsure even of what product to test. Checkpoint seems a little pricey for the simplified solution I'm going for - however unlike ZoneAlarm and Tiny, I haven't played with it to be sure. My experience with Tiny has been anything but user-friendly, a key concern. I also haven't used recent versions, so I don't know if it's improved. Kerio I haven't used, and I'm unsure of other client-based unmanaged firewalls to check out. Thank you for any help you can provide, Gabe secure dot computing at gmail d0t com
Current thread:
- Roaming Firewall Solution Information G.Crow (Dec 10)
- RE: Roaming Firewall Solution Information Keith Bucknall (Home) (Dec 13)
- Re: Roaming Firewall Solution Information Randy Williams (Dec 13)
- RE: Roaming Firewall Solution Information Keith Bucknall (Home) (Dec 13)
- Re: Roaming Firewall Solution Information GuidoZ (Dec 14)
- Re: Roaming Firewall Solution Information Randy Williams (Dec 13)
- RE: Roaming Firewall Solution Information Keith Bucknall (Home) (Dec 13)
- <Possible follow-ups>
- RE: Roaming Firewall Solution Information G.Crow (Dec 13)
- RE: Roaming Firewall Solution Information Erickson, Tom (Dec 14)
- RE: Roaming Firewall Solution Information G.Crow (Dec 15)
- Re: Roaming Firewall Solution Information Randy Williams (Dec 16)
- RE: Roaming Firewall Solution Information G.Crow (Dec 15)