From: Adam Flinton 

Richard B. wrote:
> On Fri, 17 Dec 2004 06:18:41 -0500, "Geo"
 wrote:
>
>
>>Find out his requirements, what he means by "access" then
restrict by what
>>ports you allow and what internal IP's you allow him to touch, keep it to
>>the bare minimum. Also I would load his machine up with firewall, AV, and I
>>would probably set things up so his access would accidently
"break" every
>>now and then so I could get hold of his machine and make sure it's
>>secured/cleaned.
>
>
> He would want email and file access which would let him touch some
> important devices like the mail server.
>

IMAPS?

If need be a vpn tunnel even when if the office i.e. default access to the
lan is through a vpn tunnel even while you are in the office.


> I already do AV and firewalls on the present laptops, just not
> entirely comfortable at this time not having more central control over
> them.  I recall there are some products that are suppose handle this a
> bit more efficiently.
>

Does he (& the other mobile types) set his own IP address manually
everytime he comes into the office? Or is it a dhcp thing?

If it is then you can give em an address & that's it.

No change. Everyone gets used to no change eventually & then...

Then you can apply some.

It's easier to generate a "known good" list of ip addr'es than
"known bad".

make it simple & keep it simple & the holes get fewer.




Adam

--- BBBS/NT v4.01 Flag-5