Home page logo
/

basics logo Security Basics mailing list archives

Re: Client End Point Scan
From: Shane Anglin <shane.anglin () gmail com>
Date: Thu, 3 Nov 2011 11:58:49 -0400

Juniper SSL VPN has the host checker and endpoint security components.  But  the users must have admin access to their 
boxes to accept the Juniper packages.  Note that when you do BYOC, you will run into issues, such as with iTunes 
mdnsreponder.exe dropping VPN connections (unless you remediate that through Juniper by killing the service first)... 
And VPN issues may pop up for situations where the user has another VPN thick client, profile issues with Network 
Connect, etc... Lots of things can drop the connection on foreign devices.  Anything touching or changing a route will 
break VPN connections.

Also, consider why your policy states about liabilities for when you clean infected files on the client machine that 
were not in any way related your business... For instance, if the person has data on there that they work on for 
another company... It happens although that is bad practice.  And consider the HelpDesk dept that ends up having to 
troubleshoot all those different machines.  Are they OK to install EA Microsoft apps on non-corporate machines... Or 
other such vendor issues.

If this is a PCI environment, consult a PCI QSA as you will find the BYOC situation can cause compliance issues. 

Good luck!

Regards,
Shane Anglin



On Nov 3, 2011, at 1:52 PM, infosec () ampsecurity com wrote:

We have a group that is looking to adopt a bring your own computer (byoc) program, the client obviously has concerns 
on how they could enforce their minimum requirements (i.e. AV/Firewall protection, full patched system, OS, 
Memory/CPU if possible, etc.).  Their co-workers would connect over an SSL VPN and it sounds like an Endpoint 
Analysis solution is what they need.

Could anyone offer any suggestions on a solution?

Also, if an employee attempts to connect and does not meet the minimum requirements the client would like to return 
prompt on why the system is restricted from connecting.

Thanks!


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault