-
May 20th, 2009, 08:35 AM
#1
Junior Member
Laptop Endpoint Security
Hi All,
Our company was evaluating Websense Remote filtering tool for our
laptop users so that we can enforce the Internet security policy on
the laptops.
But while doing Risk assessment it was noticed that if the hacker is
able to compromise the Websense Remote Filtering server in the DMZ he
may try to get into the internal LAN since the direct connection is
established between DMZ machine and the internal server for doing user
based filtering with the help of Active Directory.This is a risk.
I wanted your suggestions on the following:
1. What are the other products which can be evaluated for internet filtering?
2. What are the chances of the above risk materializing ?
3. Any other best practices you can suggest?
Thanks in advance.
-
May 20th, 2009, 07:43 PM
#2
I use websense and I force my laptop users to use MY gateway for Internet access (Cisco VPN) Pisses them off but I don't give a ****.
I also use TrendMicro OfficeScan on the remote laptops. Trend is releasing version 10 in a few months and their marketing department explains that there are lots of end point security measures in place with that version. I will be looking at that, perhaps you should also.
Another thing WebSense has is the WDC agent. If a program or process isn't registered with WDC it is not allowed to run. I found that too restrictive in that it hampered authorized business needs, especially in the sales departments.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
May 20th, 2009, 08:26 PM
#3
I force my laptop users to use MY gateway for Internet access (Cisco VPN)
dino, do you mean all internet traffic for your remote users goes through your gateway? e.g. no split tunnel?
In God We Trust....Everything else we backup.
-
May 22nd, 2009, 01:10 PM
#4
Nope I do not split the tunnel. Which pisses off a few but I really don't care.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
May 22nd, 2009, 01:39 PM
#5
Dino-a true bastard.........and my hero
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 24th, 2009, 09:21 PM
#6
Originally Posted by morganlefay
Dino-a true bastard.........and my hero
MLF
Heh, I leave for ONE month, and THIS is what I come back to? Ugh.
If making someone use that is considered harsh, I guess that time I made the password policy with a generator so each password resembled pronounceable line noise and had a minimum of 12 chars I was being nice? (The line noise idea I got from Simon Travaglia himself) the 12 chars minimum password length was mine.
If someone didn't obey, well, FreeBSD lets you chsh to anything technically like rm -rf /usr/home/luser
-
May 25th, 2009, 11:55 AM
#7
Heh, I leave for ONE month, and THIS is what I come back to? Ugh.
I am not sure what your issues is with that post Gore........maybe you can clarify it for me without going on some oxycontin fueled rant
IMHO....you need to lighten the fook up....
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 25th, 2009, 12:46 PM
#8
Originally Posted by morganlefay
I am not sure what your issues is with that post Gore........maybe you can clarify it for me without going on some oxycontin fueled rant
IMHO....you need to lighten the fook up....
MLF
Clarified version:
Dino is a friend, we both get into BOFH, we have friendly competition as to who is the real BOFH here, we've been buddies ever since.
Who the hell rants while on Oxy?
How come his bastardness was hero like and mine was considered a rant?
I wasn't here because of a family tragedy I'm not going into, and have lightened up like a cool mountain rain since.
Crystal?
Last edited by gore; May 25th, 2009 at 12:51 PM.
-
May 28th, 2009, 01:20 PM
#9
Junior Member
if i disable spilt tunnel then the vpn will force the traffic to pass through the corporate network but if i am not using VPN then i still will be able to browse the sites on the company given laptop which i should not isnt it?
What can be the solution to this?
-
May 26th, 2009, 02:25 AM
#10
Meth?
Blue Persuasion?
Carrington?
Ship?
In God We Trust....Everything else we backup.
Similar Threads
-
By nightcat in forum The Security Tutorials Forum
Replies: 9
Last Post: May 28th, 2005, 02:47 AM
-
By AngelicKnight in forum Newbie Security Questions
Replies: 37
Last Post: June 28th, 2004, 01:29 PM
-
By tekno in forum Microsoft Security Discussions
Replies: 61
Last Post: October 15th, 2003, 07:51 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 1
Last Post: July 18th, 2002, 04:36 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 0
Last Post: May 29th, 2002, 09:27 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|