One can't control the possibility of malware on ANY computer, state owned or not. As a state contractor that has to adhere to their strict standards I CAN tell you that products like the IAG (we have its progenitor, Whale SSL VPN) allow a much greater deal of security while allowing some actual work to be done. It's far more desirable than jump drives or no access at all. YMMV

John W. Cook
Systems Administrator
Partnership For Strong Families
Sent to you from my Blackberry in the Cloud

----- Original Message -----
From: Erik Goldoff <egold...@gmail.com>
To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
Sent: Tue Dec 23 13:21:52 2008
Subject: RE: File share

Don't beg <g>

And NO, you can't dictate the USE of such, only deny connections for those that don't match the requirement. Not a viable alternative in every environment...

In many places, if you dictate the use of specific software on personally owned equipment as part of remote access, you may find you have to provide said software on your budget, and could potentially become embroiled in support for any conflicts/issues that arise ... This I've seen and can state as fact, not just my opinion ...

Erik Goldoff
IT Consultant
Systems, Networks, & Security

-----Original Message-----
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Tuesday, December 23, 2008 1:15 PM
To: NT System Admin Issues
Subject: Re: File share

Beg to differ, look up Microsoft IAG. Not cheap but you CAN dictate AV, patch level, etc on the connecting endpoint.

John W. Cook
Systems Administrator
Partnership For Strong Families
Sent to you from my Blackberry in the Cloud

----- Original Message -----
From: Erik Goldoff <egold...@gmail.com>
To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
Sent: Tue Dec 23 13:13:06 2008
Subject: RE: File share

"so I CANNOT transmit malware directly from my home network to their network. Well, can't while connected to VPN anyway :)"

If it is NOT a state owned (or company owned in another scenario) computer, then there is no way to enforce a particular level of anti-virus, anti-spam, anti-malware protection, and once a VPN connection is made, you've blasted a DIRECT connection to an interior subnet INSIDE the firewall that helps protect against such things.

I think RDP is at least as secure, if not more so than VPNs for personally owned equipment to connect with.
Just my opinion, your mileage may vary

Erik Goldoff
IT Consultant
Systems, Networks, & Security

-----Original Message-----
From: Bill Monicher [mailto:bmacd5...@gmail.com]
Sent: Tuesday, December 23, 2008 12:17 PM
To: NT System Admin Issues
Subject: Re: File share

I don't know what VPN system you are using, or have looked at, but we are using a Cisco VPN. Only domain members can connect using it. If you try to install the client on your home PC, then it tries to authenticate the computer against the domain, which fails. The national network people set up a category for suppliers/contractors that does not do this, but you don't need to.

From what I've seen VPNs provide MORE security than any other option, not less. Under our setup, when I connect my laptop using VPN, my home network disappears, so I CANNOT transmit malware directly from my home network to their network. Well, can't while connected to VPN anyway :)

Unfortunately I don't have a copy of the client available right now, so can't tell you version, but if you are interested, email me off-list

--BM

On Mon, Dec 22, 2008 at 11:24 AM, Glen Johnson <gjohn...@vhcc.edu> wrote:
> Guess I should have been clearer, non state owned computers cannot
> connect to our LAN so no VPN.
> Not just security but policy I don't make, just enforce.
> Thanks.
> Glen.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material.
Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to.