From: Richard B. 

On Fri, 17 Dec 2004 23:50:16 +0000, Adam Flinton
 wrote:

>Not if you keep it simple.
>
>Generally the fun starts once people want "exceptions" .
>
>2 lists.
>
>Mac addresses of fixed devices & Mac addresses of mobile devices.
>
>Assign tcp settings on remote dhcp client accordingly .

No exceptions, no prisoners!

>Mostly "exceptions". It depends on what ports are to be
opened & not
>which are to be shut.

I try to keep the ship tight and only open less common ports on an as needed basis.

>If it's spyware & exploits getting in then....treat all non-mobile as
>being part of a more trusted "area" than the "mobiles".

Here I can control via filtering many bad sites, but outside the office
when he connects via DHCP to the motel's network I begin to worry.

>Where mobile includes having another route out to the net (inc modem or
>wifi or 3G/gprs etc.

In the end some responsibility has to be shared by the user, I just want to
mitigate that to as small a share as possible.  Since we are starting off
with only a couple of devices initially hopefully I can see how to handle
the various scenarios, maybe take the tablet on a trip or two and check out
my efforts to secure it.

- Richard

--- BBBS/NT v4.01 Flag-5