Security Basics mailing list archives
RE: Home laptops on a corporate network
From: "Nick Duda" <nduda () VistaPrint com>
Date: Tue, 8 May 2007 13:53:34 -0400
Using a product like Cisco Clean Access (CAS/CAM) allows you to control patch level and antivirus before a system is allowed access to your network. It can drop them into a remediation VLAN with a remediation server so they can "fix" the problem right away. The CCA client runs on the laptop and, when connected to the network (in a default unsecure VLAN), talks to the CAS, gets its policy and starts its thing. No computer can get on the VPN or WiFi here unless it has what we require installed for patches and AV (software and DATs). It can be run in-band and out-of-band (dynamically change VLAN on interfaces).

Because it's client/server based, it allows for a boatload of other custom scans and searches. You can tell it to look for certain files/services (BearShare, BitTorrent, etc.) and, if present, deny access, etc.

It's a pretty sweet appliance, but with a price tag. Can't imagine running a VPN/WiFi in corporate without it. The fact of most businesses is that ease of use usually overrules security (not in all cases). If the CEO of a company demands that home laptops are to be used, find a solution that allows it. This is one.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of christopherkelley () hotmail com
Sent: Tuesday, May 08, 2007 1:12 PM
To: security-basics () securityfocus com
Subject: Re: Home laptops on a corporate network

I'd recommend NOT doing this. Especially if you are trying to comply with HIPAA. Keep in mind that you will have little to no management capability over these personal laptops, which means you have no ability to verify patch level and AV update on these machines that may have EPHI on them. Not to mention the fact that these employees are probably taking them home and plugging them into their home networks, where they (or their kids) are running BearShare, Gnutella, Grokster, BitTorrent, and surfing to unfiltered web sites.

Not only does this mean that they are potentially exposing critical data in this manner, it also means they are bringing potentially infested computers into the soft chewy center of your network. Whenever you have an employee with a laptop, you create a liability to your network; allowing them to use personal laptops presents an even bigger liability. IMHO, this level of risk is unacceptable, especially from a HIPAA compliance standpoint.

---------------------
Confidentiality note
The information in this email and any attachment may contain confidential and proprietary information of VistaPrint and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express permission is strictly prohibited and may cause liability. In case you have received this message due to an error in transmission, please notify the sender immediately and delete this email and any attachment from your system.
---------------------