NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Keeping SecureClient PC's Safe.



Hi guys,

Since SC itself is a personal firewall, a trojan could not be reached by the
attacker while the policy is effective and sin ce you can remove the ability
to logoff from the policy server (and thus removing the policy) you can rely
on SC security...

The addition of open SCV (Security Configuration Verification) as OPSEC
category on NG may add a lot of funcionallities of SC to third party apps.

Ex: You may check if a given OPSEC antivirus version is x.x prior to
authorize the user to the vpn...


In v4.1 you already have the ability to check certain local configurations
(if tcp/ip is the only protocol installed, etc) as well the personal
firewall funcionallity (with 4 pre defined policies) and on NG this support
was enhanced since you can now define custom policies from the policy editor
(in the desktop security tab) just like the firewall policies.

I hope this helps

Best regards

Aylton
----- Original Message -----
From: "Hanke, Christian (DC)" <[email protected]>
To: "'[email protected]'"
<[email protected]>
Sent: Tuesday, August 21, 2001 12:34 PM
Subject: RE: [FW1] Keeping SecureClient PC's Safe.


>
>
> Yes, current anti virus software is a must. Difficult if not impossible to
> insure that the home user keeps it current though. As far as software
> firewall solutions go, I have a hard time feeling as comfortable with them
> as I would with a hardware solution. Although, I must admit I have no
> evidence that they do not perform as well, or better perhaps, than a
> hardware device. Just a gut feeling that hardware is always better than
> software. What are the groups thoughts on the SecureClient/SecureRemote
> Desktop Policies that attempt to restrict traffic while connected via VPN.
> It seems to me that this is a somewhat limited protection but probably
> valuable none the less. Thoughts? Thanks all,
>
> Christian
>
> -----Original Message-----
> From: Padberg, Marlen [mailto:[email protected]]
> Sent: Tuesday, August 21, 2001 10:39 AM
> To: 'Hanke, Christian (DC)'
> Subject: RE: [FW1] Keeping SecureClient PC's Safe.
>
> We are contemplating this same issue with one of our clients...  It seems
> step 1 will be establishing a corporate policy enforcing users to have
> CURRENT anti-virus software (quite possibly the company providing its
staff
> with a licence for home use) and probably personal firewall software and
> unless they have this, they won't be provided with VPN software.  It is a
> valid concern as Microsoft was compromised using this technique (although
it
> took a hacker a month to do it).  A NAT home gateway device would help in
> the compromise department (although a personal firewall seems to provide
> good security in this respect).  Probably would cost less using a software
> solution (personal firewall software like Zone Alarm and Black Ice
Defender
> are free), however the hardware solution does provide a very solid
solution.
>
> Just my views.
>
> Marlen Padberg.
>
> -----Original Message-----
> From: Hanke, Christian (DC) [mailto:[email protected]]
> Sent: Monday, August 20, 2001 3:17 PM
> To: [email protected]
> Subject: [FW1] Keeping SecureClient PC's Safe.
>
>
>
>
> I am interested in what, if any, precautions others are taking to insure
> that the PC's using SecureClient to connect to their networks via VPN are
> not themselves compromised. My concern is that someone at home will be
virus
> laden, compromised by a trojan, or who knows what else and then in turn
> compromise our network security by tunneling in to our cooperate network.
Is
> this a valid concern? I am playing with the idea of requiring either a NAT
> box or one of the new Home Internet Gateways which include firewall
> functionality for users who wish to take advantage of the high speed VPN
> connection to our network. Of course, there would be no way to make sure
> their settings and configurations were optimal. What's everyone else doing
> about this? Your feedback would be greatly appreciated. Thanks all,
>
> Christian
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.