RE: Home laptops on a corporate network

[Shawn <swarzkopf () legolas sinnerz us>]

I take it assigning the users who need to work from home company 
owned/managed laptops, and then providing VPN access to these laptops, 
is just not an option?

Setting up -somewhat- secure access to the corporate network from a 
staffers home computer just seems like too much trouble and too much risk 
for what you gain...it'd just be easier to buy/image/issue laptops.

On Fri, 11 May 2007, krymson () gmail com wrote:

> If this scenario is an absolute must, even in the face of HIPAA (and if this were my data, I'd be highly concerned 
> about this company...), then I do like having users VPN into an isolated network segment and then connect to a Terminal 
> Server to do their work.
>
> However, not to throw monkeywrenches in, but this solution still does nothing about keyloggers, screenscrapers, or even a 
> full-blown screen capture program running to record all this data. Even just one frame of a doc open can be enough to spoil 
> your HIPAA party depending on the data these users have access to. Really, there's nothing you can do about this other 
> than disallowing their home systems.
>
> You do have to pretend two things:
> 1) Assume you have the filthiest, most infected, worm-ridden home PC ever connecting to your network.
> 2) Assume one of these workers will be wanting to sell this data or maliciously gather and use it.
>
> You can take action against 1, but you're not going to be able to audit 2 unless you own the devices they are allowed 
> to use.