Posted by Roger Abell [MVP] on February 25, 2006, 2:38 am
First, just for clarity, in your scenario that laptop is connected to the
corp net and the internet, but the corp net is not connected to the internet.
The laptop is not routing between them. The corp net is of course at
risk from entry of malware, or persons, via a hop off from the laptop.
The issue you raise is quite large, and AFAIK not simple to resolve
given the diverse ways an authorized device might be used to create
such a bridge. It virtually implies a very tight lockdown of the machines,
but one quite sensitive to location (ex. no modem use is on corp net,
but certainly available while travelling). I am not sure such a lockdown
is feasible today given the range of connectivity devices (ex. no usb
while on corp but ok outside?? is a bit draconian).
--
Roger Abell
Microsoft MVP (Windows Server : Security)
> The scenario...
>
> A user with a laptop connected to the corporate network via a wired
> connection initiates a second connection with a Verizon EVDO PDA/PCCARD
> to the internet. Now the corporate network is connected to the Internet
> via the laptop and the user can bypass security such as proxy servers,
> etc. if he wanted to. The Windows XP Firewall is off due to a Domain
> Policy that turns it off due to being on the corporate network,
> regardless that the user has initiated a second very untrusted connection.
>
> Any suggestions as how to prevent this with a technical solution or
> product?
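One defensive check for the dual-homed state the question describes, added here as an example that is not from the thread: it flags a Windows host that is on a domain-authenticated network and a non-domain network at the same time, lists which interfaces carry a default route, and reports which firewall profiles are actually enabled. It assumes Windows 8 / Server 2012 or later (the NetConnection, NetTCPIP and NetSecurity modules); the XP-era machines in the thread do not expose these cmdlets.

```powershell
# Added example (not part of the original post). Detects the "laptop on the corp
# net plus a second untrusted link" condition from a defender's point of view.
function Test-DualHomedHost {
    $profiles  = @(Get-NetConnectionProfile)
    $domain    = @($profiles | Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' })
    $nonDomain = @($profiles | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })

    # Each interface carrying a default route (0.0.0.0/0) is a possible path off
    # the corporate network; a second one alongside the corp link is the bridge.
    $defaultRouteIfaces = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' `
                              -ErrorAction SilentlyContinue |
                          Select-Object -ExpandProperty InterfaceAlias -Unique)

    # The thread's specific failure mode: policy disables the firewall for the
    # Domain profile, so record per-profile state rather than a single on/off.
    $fw = Get-NetFirewallProfile

    [pscustomobject]@{
        DomainInterfaces      = @($domain.InterfaceAlias)
        NonDomainInterfaces   = @($nonDomain.InterfaceAlias)
        DefaultRouteIfaces    = $defaultRouteIfaces
        DualHomed             = ($domain.Count -gt 0 -and $nonDomain.Count -gt 0)
        MultipleDefaultRoutes = ($defaultRouteIfaces.Count -gt 1)
        DomainFirewallOn      = [bool]($fw | Where-Object Name -eq 'Domain').Enabled
        PrivateFirewallOn     = [bool]($fw | Where-Object Name -eq 'Private').Enabled
        PublicFirewallOn      = [bool]($fw | Where-Object Name -eq 'Public').Enabled
    }
}

$state = Test-DualHomedHost
if ($state.DualHomed -or $state.MultipleDefaultRoutes) {
    Write-Warning ("Possible bridge: domain on [{0}], non-domain on [{1}], default routes via [{2}]" -f `
        ($state.DomainInterfaces -join ', '), ($state.NonDomainInterfaces -join ', '),
        ($state.DefaultRouteIfaces -join ', '))
}
$state
```

Run it as a scheduled task or logon script and forward the output to your monitoring; a host reporting DualHomed with the Public or Private profile disabled is exactly the configuration the question is worried about.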