From: Richard B. 

On Sat, 18 Dec 2004 09:08:44 -0500, "Geo"  wrote:

>Email is no problem, that's just port 110 and you can limit his inbound
>access to just the mail server. The file access is another issue since many
>virus now spread by windows shares. You would need to either limit his
>access to read only or run some AV software on the machine he has file
>access to and even then you still run the risk of someone rooting his laptop
>and using it to copy or delete your files.

I am thinking about whether or not he really needs file access, although I
suppose he or someone from the office will.  Generally it's something like
a PowerPoint presentation that they simply copy to the laptop, it's rare I
think they would need file access.  Guess I could provide that only when
requested.

>One way to at least limit that last part is to configure his machine to do a
>VPN and when it does to kill access to anything but that vpn (you would have
>to use a script to route the 0.0.0.0 route to some non-existant address
>within the vpn to make that happen.)
>
>There is one other option, you can set him up so his machine always vpn's to
>the office and all internet access is forced to go thru the vpn so it's just
>like any machine at work. That might be slower and more limiting for
>browsing the net but it would be a hell of a lot safer.

I think this is something Adam just mentioned.  He might not even notice
the slowness for most things.  I've yet to set up a VPN so it looks like it
is time to learn. 

- Richard

--- BBBS/NT v4.01 Flag-5