Re: Home laptops on a corporate network

["Kurt Buff" <kurt.buff () gmail com>]

Unless properly configured, data can be copied from the TS server to
the local hard drive.

Kurt

On 5/8/07, Adam Rosen <ajrosen () buffdata com> wrote:
> where would there be data leakage with TS and proper firewalls and policies to prevent sharing of client hard drives?
>
> Adam
>
> -----Original Message-----
> From:   "Kurt Buff" <kurt.buff () gmail com>
> Sent:   Tuesday, May 08, 2007 3:03 PM
> To:     "Adam Rosen" <ajrosen () buffdata com>
> Cc:     "security-basics () securityfocus com" <security-basics () securityfocus com>
> Subject:        Re: Home laptops on a corporate network
>
> Uh, not really. Well, not unless you do something like this:
>
> a) Laptops in firewalled subnet, only allowed access to Internet, no
> VPN to production subnets.
>
> b) TS machine in separate subnet, not exposed to world. Port 3389 (and
> ONLY port 3389) exposed to laptops in firewalled subnet. TS machine
> otherwise has access to resources on production subnet(s).
>
> Even then I'd cringe, because data leakage is still an issue.
>
>
>
> On 5/8/07, Adam Rosen <ajrosen () buffdata com> wrote:
> > Somehow I forgot to add Terminal Services to the list of options, but I think the cost on that would be prohibitive. 
> However, it does solve the problems.
> >
> > Adam
> >
> > -----Original Message-----
> > From:   "Kurt Buff" <kurt.buff () gmail com>
> > Sent:   Tuesday, May 08, 2007 12:57 PM
> > To:     "Adam Rosen" <ajrosen () buffdata com>
> > Cc:     "security-basics () securityfocus com" <security-basics () securityfocus com>
> > Subject:        Re: Home laptops on a corporate network
> >
> > They're bound by HIPAA, and still want this? The approach that you
> > haven't thought of is to talk with their corporate counsel, and ask
> > him to read HIPAA, and advise your clients about liability.
> >
> > Tell them to put down the crack pipe and step away. This is completely
> > against the intent and letter of HIPAA.
> >
> > Insanity.
> >
> > The company where I work now doesn't need HIPAA compliance, and it's
> > strictly against company policy to connect personal devices to the
> > corporate network.
> >
> > Just for fun, I'll mention 3 OSS NAC packages, but I still don't think
> > it's a good idea.
> >
> > http://ungoliant.sf.net
> >
> > http://netreg.sf.net
> >
> > http://freenac.net
> >
> > Kurt
> >
> > On 5/8/07, Adam Rosen <ajrosen () buffdata com> wrote:
> > > Hi all -
> > >
> > > I have a client who wants to allow employees to use their own laptops on
> > > the corp. wireless network so that they can access files on the server.
> > > I gave them a run-down of options (allow usual file sharing [bad idea],
> > > MS VPN quarantine [complex scripting], SharePoint services [not bad, but
> > > no printer access] and third party quarantine options).
> > >
> > > Aside from any other ideas someone may have, it seems to me that the
> > > third party compliance software/appliance, while probably being the most
> > > versatile is pretty costly. I found a couple starting at about $20K.
> > > Does anybody know of any devices that are significantly cheaper and can
> > > allow my client to do what they want? I should mention that they are
> > > bound by HIPAA regulations here. Or any approaches I haven't thought of?
> > >
> > > Thanks for the input.
> > >
> > > Adam
> > >
> > > Adam J. Rosen
> > > President
> > > Buffalo Data Solutions
> > > 716-913-6312
> > > ajrosen () buffdata com
> > > http://www.buffdata.com
> > >
> > >
> > >
> >