Re: Worms, Air Gaps and Responsibility

[Mason Schmitt <sysadmin () sunwave net>]

On May 10, 2004 07:46 am, Gwendolynn ferch Elydyr wrote:
> On Sun, 9 May 2004, Vinicius Moreira Mello wrote:
> > have being taking is to isolate mobile users in a network (or VLAN)
> > regardless of their security state. As most of the mobile user's needs
> > are to read/send e-mail and use the web, they are restricted, with
> > packet filters, to do just these activities. This minimizes the threat
> > and is a good solution for many companies and univerisities.
>
> Beyond that, I think it's not accurate to presume that most mobile users
> are satisfied with email and web access.  One of the recurring questions
> that we receive from our mobile users is "How can I access <foo>", where
> <foo> is typically a document store, or a customer-facing application,
> like a parts ordering database.
A recent SANS webcast talked about using true thin client hardware or terminal 
server clients (and equivalents such as citrix, X, etc) for providing remote 
users or risky users access to document stores, and other LAN resources.  I 
think that using a thin client as a security tool is a great idea.

> Granted, you could probably work up a web interface for -everything-, but
> that's getting into a completely different headache [and it's still a
> pain to get documents edited...]
The thin client gets around this headache nicely.

-- 
Mason Schmitt

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards