Security Basics mailing list archives
RE: Network Access Quarantine
From: "Adams, Tom" <tom.adams () mci com>
Date: Mon, 26 Jan 2004 20:58:39 +0000
Why not force them to VPN in?
That is one approach, but all it buys you is that you've strongly authenticated your user, assuming you allow access to everything from there.

You might be better off segmenting your Internal Data Network so that desktop users don't have complete access to the corporate jewels. You then require access to the "jewels" segment(s) to be strictly limited, requiring strong authentication and ACLs allowing them access only to the systems they need to admin. The "jewels" segment(s) would be ACL'ed, denying everything by default and having ACLs in place to allow only "necessary" ports and IPs open both inbound and outbound. You could use VPN Servers, AppGate clusters, Citrix, etc. to "firewall" access to your "jewels" segment(s).

One last item... don't allow unlimited access between your desktop segments. Users "shouldn't" need access from one desktop segment to another :-)... I would hazard a guess that this is where most of your infections come from :-(
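An added example, not part of the original post: a small first-match ACL model of the layout described above, with a default-deny decision function and an audit that flags allows between desktop segments or straight from desktops into the "jewels" segment. All segment names, addresses, ports and rules are constructed assumptions.

```python
import ipaddress

# Constructed layout (assumption: the post gives no addresses or ports).
SEGMENTS = {
    "desktop-a": ipaddress.ip_network("10.10.1.0/24"),
    "desktop-b": ipaddress.ip_network("10.10.2.0/24"),
    "gateway": ipaddress.ip_network("10.20.0.0/28"),  # VPN/Citrix-style access tier
    "jewels": ipaddress.ip_network("10.30.0.0/24"),
}
DESKTOPS = [n for n in SEGMENTS if n.startswith("desktop")]

# Constructed first-match rules: (action, src, dst, dst_port); port None = any.
RULES = [
    ("allow", "desktop-a", "gateway", 443),
    ("allow", "desktop-b", "gateway", 443),
    ("allow", "gateway", "10.30.0.10/32", 22),   # admins reach only the host they manage
    ("allow", "10.30.0.10/32", "gateway", 514),  # outbound from jewels is limited too
]

def net(spec):
    """Resolve a segment name or CIDR string to a network object."""
    return SEGMENTS[spec] if spec in SEGMENTS else ipaddress.ip_network(spec)

def decide(src_ip, dst_ip, port, rules=RULES):
    """First matching rule wins; unmatched traffic is denied by default."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_src, r_dst, r_port in rules:
        if src in net(r_src) and dst in net(r_dst) and r_port in (None, port):
            return action
    return "deny"

def audit(rules=RULES):
    """Return (rule index, finding) pairs for allows that break the layout."""
    findings = []
    jewels = SEGMENTS["jewels"]
    for i, (action, r_src, r_dst, r_port) in enumerate(rules):
        if action != "allow":
            continue
        s, d = net(r_src), net(r_dst)
        from_desktop = any(s.overlaps(SEGMENTS[n]) for n in DESKTOPS)
        if from_desktop and any(d.overlaps(SEGMENTS[n]) for n in DESKTOPS):
            findings.append((i, "desktop-to-desktop allow"))
        if from_desktop and d.overlaps(jewels):
            findings.append((i, "desktop reaches jewels without the gateway"))
        if r_port is None and (s.overlaps(jewels) or d.overlaps(jewels)):
            findings.append((i, "any-port rule touching jewels"))
    return findings
```

Running `audit()` over a proposed rule change before it is deployed catches a broad allow (for example a /16 source that happens to cover the desktop ranges) that would quietly undo the segmentation.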