RE: [FW1] Connecting to dirty networks.

Fri, 23 Jun 2000 07:30:09 -0700 


Secure client can be configured to push a desktop policy. That policy can
enforce you to lock-out all other networks that the user might be connected
to. In theory that sounds good. I'm not sure that its that perfect of a
world though. With users connecting to other networks before the desktop
policy is in place and such issues I would personally require more
protection then that.

I've seen people also use a firewall type product on that same machine that
denies all traffic other then the secure remote traffic. I've seen a product
called "ZoneInfo" which is a personal firewall. (www.zonelabs.com) Its a
decently simple product, but still can be confusing for end users. It is
cheap (like $20 - $30 or something for a single user license) but that can
get expensive when you take into account people have hundreds of users. Some
people also mentioned BlackICE. I haven't played with that yet, but some
people swear by it.

If you can convince users to always use something like a personal firewall,
then you might feel comfortable enough to put them on VPN.

GL
Will


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Tucker, Greg
Sent: Thursday, June 22, 2000 5:03 PM
To: 'Firewall-1'
Subject: [FW1] Connecting to dirty networks.



So we have Secure Client.

Is there anything else that can be used to allow trust of user accessing
your network when they might also be connected to a dirty network (cable,
dsl, dialup)?

If you're not using Secure Client, what are you using?
Or are you just letting them in?

There will be situations where users/networks will have to get into us,
where the trust of the connecting network is low.  Since Secure Client is
not likely an option, the only way I can see is to run IDSs and watch the
logs.

Anyone have other ideas?



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to