Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Laptop Endpoint Security

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    15

    Laptop Endpoint Security

    Hi All,

    Our company was evaluating Websense Remote filtering tool for our
    laptop users so that we can enforce the Internet security policy on
    the laptops.
    But while doing Risk assessment it was noticed that if the hacker is
    able to compromise the Websense Remote Filtering server in the DMZ he
    may try to get into the internal LAN since the direct connection is
    established between DMZ machine and the internal server for doing user
    based filtering with the help of Active Directory.This is a risk.

    I wanted your suggestions on the following:

    1. What are the other products which can be evaluated for internet filtering?

    2. What are the chances of the above risk materializing ?

    3. Any other best practices you can suggest?


    Thanks in advance.

  2. #2
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    I use websense and I force my laptop users to use MY gateway for Internet access (Cisco VPN) Pisses them off but I don't give a ****.

    I also use TrendMicro OfficeScan on the remote laptops. Trend is releasing version 10 in a few months and their marketing department explains that there are lots of end point security measures in place with that version. I will be looking at that, perhaps you should also.

    Another thing WebSense has is the WDC agent. If a program or process isn't registered with WDC it is not allowed to run. I found that too restrictive in that it hampered authorized business needs, especially in the sales departments.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #3
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    I force my laptop users to use MY gateway for Internet access (Cisco VPN)
    dino, do you mean all internet traffic for your remote users goes through your gateway? e.g. no split tunnel?
    In God We Trust....Everything else we backup.

  4. #4
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Nope I do not split the tunnel. Which pisses off a few but I really don't care.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Dino-a true bastard.........and my hero

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by morganlefay View Post
    Dino-a true bastard.........and my hero

    MLF
    Heh, I leave for ONE month, and THIS is what I come back to? Ugh.

    If making someone use that is considered harsh, I guess that time I made the password policy with a generator so each password resembled pronounceable line noise and had a minimum of 12 chars I was being nice? (The line noise idea I got from Simon Travaglia himself) the 12 chars minimum password length was mine.

    If someone didn't obey, well, FreeBSD lets you chsh to anything technically like rm -rf /usr/home/luser


  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Heh, I leave for ONE month, and THIS is what I come back to? Ugh.
    I am not sure what your issues is with that post Gore........maybe you can clarify it for me without going on some oxycontin fueled rant

    IMHO....you need to lighten the fook up....

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by morganlefay View Post
    I am not sure what your issues is with that post Gore........maybe you can clarify it for me without going on some oxycontin fueled rant

    IMHO....you need to lighten the fook up....

    MLF
    Clarified version:

    Dino is a friend, we both get into BOFH, we have friendly competition as to who is the real BOFH here, we've been buddies ever since.

    Who the hell rants while on Oxy?

    How come his bastardness was hero like and mine was considered a rant?

    I wasn't here because of a family tragedy I'm not going into, and have lightened up like a cool mountain rain since.

    Crystal?
    Last edited by gore; May 25th, 2009 at 12:51 PM.

  9. #9
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Crystal?
    Meth?
    Blue Persuasion?
    Carrington?
    Ship?
    In God We Trust....Everything else we backup.

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    You missed "Method" who put out a new album a while back with a Doors tribute song, which is what I think you meant by Ship.

Similar Threads

  1. Apache, PHP, MySQL with basic security settings.
    By nightcat in forum The Security Tutorials Forum
    Replies: 9
    Last Post: May 28th, 2005, 02:47 AM
  2. Best Security Websites
    By AngelicKnight in forum Newbie Security Questions
    Replies: 37
    Last Post: June 28th, 2004, 01:29 PM
  3. Microsoft plans Windows overhaul to fight hackers
    By tekno in forum Microsoft Security Discussions
    Replies: 61
    Last Post: October 15th, 2003, 07:51 AM
  4. NEWS: This Week in Security
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: July 18th, 2002, 04:36 AM
  5. Latest SANS Update
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: May 29th, 2002, 09:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •