Security Basics mailing list archives

RE: VPN Security Appliance suggestions?


From: Michael Wright <mike.wright () gmail com>
Date: Mon, 3 Oct 2005 16:16:50 -0500

Microsoft ISA Server 2004 has a nifty VPN quarantine section that can do all
of the below. It basically runs a WMI / VB script (that you have to create),
and if everything checks out OK, it allows the workstation out of the
Quarantine and into the regular VPN network.

-----Original Message-----
From: lmwills () telus net [mailto:lmwills () telus net] 
Sent: Friday, September 30, 2005 4:35 PM
To: security-basics () securityfocus com
Subject: VPN Security Appliance suggestions?

Hi all - I have users that want to access the network from home.  Now their
home machines are probably full of viruses, keyloggers, porn, spyware - who
knows.

Instead of having them bring in their machines to the office where I clean
them, I would like to implement some kind of appliance.

How I envision it:

1.  The appliance maker has a software client that needs to be installed on
the user's machine.  The client checks to see if the computer is patched, if
the virus signatures are up to date, if a firewall is present (and maybe
what ports are open), checks the services, looks to see if spyware is
installed etc.

2.  The user VPNs into the network, the client reports all of its findings
to the appliance.  The appliance checks its rules and if there is a match it
allows the user in.  If there are discrepancies, it sends a report to the
user and the system administrator who then both work on cleaning up the
system so that it can pass through the next time.

I know Firebox has something in this neighbourhood and Cisco has the Cisco
Security Agent.  Are there any other thoughts - anybody using something
similar that they love?

Thanks.

Lisa Wills
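
The gateway-side rule check described in step 2 above, as an added example that is not part of either post and is not code from ISA Server or any appliance vendor. The report field names, policy keys and thresholds are all hypothetical, and the sample reports are constructed.

```python
from datetime import date

# Hypothetical gateway policy; every key and threshold here is an assumption.
POLICY = {
    "max_signature_age_days": 7,
    "max_patch_age_days": 35,
    "allowed_listening_ports": {135, 445},
    "forbidden_services": {"Telnet", "RemoteRegistry"},
}
REQUIRED = ("av_signature_date", "last_patch_date", "firewall_enabled",
            "listening_ports", "running_services", "spyware_findings")

def evaluate(report, policy=POLICY, today=None):
    """Return ("allow" | "quarantine", discrepancies) for one client report."""
    today = today or date.today()
    # Fail closed: a client that omits a check stays in quarantine.
    problems = [f"missing field: {f}" for f in REQUIRED if f not in report]
    if problems:
        return "quarantine", problems

    def age_check(field, limit, label):
        age = (today - date.fromisoformat(report[field])).days
        # A date in the future (negative age) is rejected, not trusted.
        if not 0 <= age <= limit:
            problems.append(f"{label} age {age}d outside 0..{limit}d")

    age_check("av_signature_date", policy["max_signature_age_days"], "virus signature")
    age_check("last_patch_date", policy["max_patch_age_days"], "patch")
    if report["firewall_enabled"] is not True:
        problems.append("firewall not enabled")
    extra = sorted(set(report["listening_ports"]) - policy["allowed_listening_ports"])
    if extra:
        problems.append(f"unexpected listening ports: {extra}")
    bad = sorted(set(report["running_services"]) & policy["forbidden_services"])
    if bad:
        problems.append(f"forbidden services running: {bad}")
    if report["spyware_findings"]:
        problems.append(f"spyware findings: {sorted(report['spyware_findings'])}")
    return ("quarantine" if problems else "allow"), problems

# Constructed sample reports (not real data).
TODAY = date(2005, 10, 3)
CLEAN = {"av_signature_date": "2005-10-01", "last_patch_date": "2005-09-13",
         "firewall_enabled": True, "listening_ports": [135],
         "running_services": ["Dnscache"], "spyware_findings": []}
STALE = dict(CLEAN, av_signature_date="2005-08-01", listening_ports=[135, 23],
             running_services=["Telnet"])

if __name__ == "__main__":
    for name, rep in (("clean", CLEAN), ("stale", STALE)):
        print(name, evaluate(rep, today=TODAY))
```

The discrepancy list is what would go into the report sent to the user and the system administrator.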




