Hi Lisa,
Laptops and notebooks are a real problem. In my opinion, they should be
treated as foreign systems as soon as they leave the relative safety of your
firewall. They may have a hardware firewall at home, but it probably cost $50,
and gives them $50 worth of protection. They may or may not connect to another
network at some point, perhaps a client's network, or a friend's wireless, who
knows?
If the firewall can be turned off, it probably will be at some point. Not
good. Something will be blocked that they just HAVE to see. They will
download something, open or install it, and wham-bam-thank-you-maam, they now
have the latest and greatest remote access Trojan on the system. It may not be
evident to the user, and of course the next morning, they plug into your
network, behind the firewall. The RAT makes an outbound call, so the hardware
firewall allows it to communicate with the bot-net or remote host. Ahhh, sweet
to have authenticated Domain access, no need to hack around for passwords...
Of course, there is always the joy of worms and other malware that may
circulate around your LAN/WAN, causing general turmoil and confusion.
Any software firewall is better than none. For corporate use, it should
provide:
1) Ingress and Egress monitoring/filtering (NOT SP2's "firewall")
2) A standard rule-set that reduces the need for the user to allow or deny
access requests. (Chances are they will ALWAYS say yes!)
3) Constant updates to signature files and standard rules.
4) A central management console to ease administrative burden.
Nice to have are IDS, malware ID, etc.
Just my 2¢
Mark Brunner
Security Manager
Fasken Martineau DuMoulin LLP
This communication is solicitor/client privileged and contains confidential
information intended only for the person(s) to whom it is addressed. Any
unauthorized disclosure, copying, other distribution of this communication or
taking any action on its contents is strictly prohibited. If you have received
this message in error, please notify us immediately and delete this message
without reading, copying or forwarding it to anyone.
-----Original Message-----
From: lmwills@telus.net [mailto:lmwills@telus.net]
Sent: Wednesday, April 27, 2005 12:55 PM
To: security-basics@securityfocus.com
Subject: Mobile Users and Firewalls - best practices?
My company has a hardware firewall. Most of my users who have laptops have
hardware firewalls at home - but for those who don't I was going to recommend
they use Sygate as their personal software firewall when they are not in the
office.
What are your suggestions?
Does the user activate their software firewall when out of the office and then
drop it when they are behind the hardware firewall?
Are there conflicts beetween the two firewalls?
Is there a firewall out there that you feel is really great that I might be
missing?
Lisa Wills
