Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

RE: Tele-Commuting Risks
From: Andrew Johns <Andrew.Johns () haley com>
Date: Tue, 6 Jan 2009 13:16:13 +1100
To allow more fine grained control over the RDP connection, including policy enforcement (eg:completely ban 
disk/printer/clipboard access *irrespective* of server/client config), have a look at Zorp application gateway from 
Balabit IT (and no, I do not work for them ;)

Very impressive stuff.  Includes screen scraping which allows for regex searches of commands entered by remote users 
from logs - handy for compliance/monitoring reasons (Note: I haven't used this particular feature myself).


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of HITESH PATEL
Sent: Saturday, 3 January 2009 4:41 AM
To: John; security-basics () securityfocus com
Subject: Re: Tele-Commuting Risks

It really depends how you allow your remote employees to access your network.

If you allow remote employees to connect their personal systems (via VPN) then risk is much higher and could be 
unmanagable. It also depends how that VPN is configured/implemented. Employees personal systems might be infected and 
hence it becomes threat to your company when connected to your network.

If you allow your remote employees to connect the VM hosted on your network (via RDP) then you will have full control 
on the system, and risk can be controlled/managable. It also depends how that RDP connection is configured

-HP



----- Original Message ----
From: John <tornado579 () gmail com>
To: security-basics () securityfocus com
Sent: Friday, January 2, 2009 2:26:01 AM
Subject: Tele-Commuting Risks

Hi All,



Our company is planning to introduce Tele Commuting facilities for all the
employees. Some of the employees work on sensitive information like SSN,
Credit Cards etc. 

Our company also regularly undergoes ISO 27001 and SAS 70 audits.



I have the following questions:



Risks Involved in Tele Commuting? 


How to prevent information leakage while telecommuting especially when it
comes to PII? 


Audit and Compliance issues related to Tele Commuting? 




If you have any good web resources or suggestions it will be helpful. 



Thanks in advance.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]