Give each user a tamper-resistant laptop with Windows 2000, no boot menu,
floppy boot disabled, no write access to c:\winnt, automatic anti-virus
updates, encrypted hard disk, etc. Create dial-up settings for modem/VPN
access with stored passwords that the user doesn't know. That way they
*have* to use this specific laptop to connect.

To prevent a stolen laptop from connecting, this should be combined with a
password that the user knows/smartcard/SecurID etc.

Hard work for the first few machines you make, but you can create install
scripts for such machines.

Amanda.

On Fri, 18 Aug 2000, Michael C. Ibarra wrote:
> Another thought, somewhat horrible I admit, is to lock up the machines'
> other ports which would prevent them from using another modem in the
> first place. So far the VPN solution given to me solves most of my
> headaches, now to find a failsafe method for additional ports :-(
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards_at_nfr.net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Received on Aug 21 2000