[windows2000] Re: Remote connection

  • From: "Daniel Ensor" <densor@xxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 13 May 2005 11:29:12 +0100

Hi Chris

I've had this argument myself with management. It is the old story: they
have home PCs which most likely are riddled with viruses and spyware
and then they want to connect directly into the office.

We run Citrix here and run Nfuse; this allows them to access all their
stuff without a direct link like a VPN/RAS solution. However the real
worry with this is keystroke loggers... After all viruses are only one
side of the story. You can never vouch for the machines they use.

Terminals would be a good solution; the more advanced have IE built in
so you could use them with Nfuse, but even the most basic, like the WYSE
1200LE model, have dial up capability so could support most techniques
for connection etc.

I guess there is also the question of what do they actually want to
access. If it's only the mail then there are plenty of options whereby
they'd never need to get onto the actual network.

As I say, I use Nfuse and change users' passwords via scripts about once a
month. I furnish the users with anti virus (Sophos) which remote updates
off servers in work so I can check that they are updating (in my
experience a user's home anti virus cannot be trusted). I also include
Anti Spyware (I've been using the MS antispyware beta with the giant
engine) and get them to sign a usage agreement but at the end of the day
if the network is compromised it's my responsibility to get it back!

Usability versus security... 

Hope that helps

Dan 

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Berry
Sent: 13 May 2005 00:28
To: windows2000@xxxxxxxxxxxxx; oclug@xxxxxxxxx
Subject: [windows2000] Remote connection

     Our company has reached the stage where some managers are starting
to want remote access to the network from the road and/or their house. 
The obvious solution is to install a VPN, however they are insisting on
using their own equipment for cost/convenience reasons.  Given that
several of these individuals are routinely infected, manage to delete
their own firewall software, etc., I'm not too excited about the
prospect of opening our network up that way.
     My first response was to insist that they either use company
equipment, or have a second drive/partition set up by IT and used only
for work.  This is not proving as easy, cheap or convenient as it needs
to be to convince them.  At the moment we're deadlocked on
convenience/price vs. security.
     One possibility I've been thinking about is terminals.  I won't be
able to control the OS of the user's system, and it's most likely to be
some flavor of MS, even though we're heading towards a mixed environment
here at work.  If a user opens up a remote terminal window on an
infected home machine, can the infection migrate from the host to the
terminal session?  Are there any security implications here?
     I'd like to solicit some additional opinions on options of how to
handle this situation.  I'm in the research phase right now, so any and
all possible solutions are welcome.

--
Chris Berry
chris_berry@xxxxxxxxxxxxxxxxx
Information Advisory Manager
JM Associates

"There is nothing so useless as doing efficiently that which should not
be done at all." --Peter Drucker
********************************************************
This Weeks Sponsor: Straymonkey.com
Excellent web templates, fonts, and downloads on this new site brought
to you by The Kenzig Group http://www.straymonkey.com
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
