Hi Chris,

I've had this argument myself with management. It is the old story: they have home PCs, which most likely are riddled with viruses and spyware, and then they want to connect directly into the office.

We run Citrix here and run Nfuse; this allows them to access all their stuff without a direct link like a VPN/RAS solution. However, the real worry with this is keystroke loggers... After all, viruses are only one side of the story. You can never vouch for the machines they use.

Terminals would be a good solution. The more advanced have IE built in, so you could use them with Nfuse, but even the most basic, like the WYSE 1200LE model, have dial-up capability, so they could support most techniques for connection etc.

I guess there is also the question of what they actually want to access. If it's only the mail, then there are plenty of options whereby they'd never need to get onto the actual network.

As I say, I use Nfuse and change users' passwords via scripts about once a month. I furnish the users with anti-virus (Sophos), which remote updates off servers in work so I can check that they are updating (in my experience a user's home anti-virus cannot be trusted). I also include anti-spyware (I've been using the MS AntiSpyware beta with the Giant engine) and get them to sign a usage agreement, but at the end of the day, if the network is compromised, it's my responsibility to get it back!

Usability versus security...

Hope that helps

Dan

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Berry
Sent: 13 May 2005 00:28
To: windows2000@xxxxxxxxxxxxx; oclug@xxxxxxxxx
Subject: [windows2000] Remote connection

Our company has reached the stage where some managers are starting to want remote access to the network from the road and/or their house. The obvious solution is to install a VPN; however, they are insisting on using their own equipment for cost/convenience reasons.
Given that several of these individuals are routinely infected, manage to delete their own firewall software, etc., I'm not too excited about the prospect of opening our network up that way.

My first response was to insist that they either use company equipment, or have a second drive/partition set up by IT and used only for work. This is not proving as easy, cheap or convenient as it needs to be to convince them. At the moment we're deadlocked on convenience/price vs. security.

One possibility I've been thinking about is terminals. I won't be able to control the OS of the user's system, and it's most likely to be some flavor of MS, even though we're heading towards a mixed environment here at work. If a user opens up a remote terminal window on an infected home machine, can the infection migrate from the host to the terminal session? Are there any security implications here?

I'd like to solicit some additional opinions on options of how to handle this situation. I'm in the research phase right now, so any and all possible solutions are welcome.

--
Chris Berry
chris_berry@xxxxxxxxxxxxxxxxx
Information Advisory Manager
JM Associates

"There is nothing so useless as doing efficiently that which should not be done at all." --Peter Drucker

********************************************************
This Weeks Sponsor: Straymonkey.com
Excellent web templates, fonts, and downloads on this new site brought to you by The Kenzig Group
http://www.straymonkey.com
**********************************************************
To Unsubscribe, set digest or vacation mode or view archives use the below link.
http://thethin.net/win2000list.cfm