[Dshield] WLAN integration into corporate Networks.

John Holmblad jholmblad at aol.com
Thu Oct 9 15:31:29 GMT 2003


Serge,

I would add to Richard's comment that another "best practice" that is 
evolving for mobile devices (notebook computers, PDAs, etc.) that 
"tunnel" into the enterprise network using a VPN, whether via wireless or 
wired means, is to implement a security policy that quarantines them 
until it can be determined that such devices ARE in fact in conformance 
with the company security policy. This is accomplished by executing a 
protocol that checks the device for such conformance (e.g. A/V software 
installed and enabled with up to date signature files, latest Hotfixes 
installed, etc.). Of course there is still a risk of a compromised 
mobile device "faking" the "success" outcome of the aforementioned 
protocol so that the device appears to be ok when in fact it is 
trojaned. This argues for a discipline within the enterprise to have 
mobile devices viewed as the "weakest link" that they perhaps are, and 
to focus proactively on training mobile users to be very infosec aware 
and properly trained on keeping their devices in top condition from an 
infosec perspective. With the release of Microsoft Windows Server 2003, 
Microsoft has implemented mechanisms that they claim will allow such 
quarantining to work reasonably smoothly when used in combination with 
the RADIUS service running on the Microsoft ISA server.
-- 

Best Regards,

John Holmblad

Televerage International

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

www page:               www.vtext.com/users/jholmblad
primary email address:  jholmblad at aol.com
backup email address:   jholmblad at verizon.net
text email address:         jholmblad at vtext.com
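
Added example, not part of the original message and not Microsoft's implementation: a sketch of the server-side decision for the conformance check described above, which keeps a VPN client quarantined unless its posture report passes every test. The field names, policy values and hotfix IDs are assumptions made up for illustration.

```python
from datetime import date

# Hypothetical policy values; hotfix IDs are placeholders, not real KB numbers.
POLICY = {"max_signature_age_days": 7, "required_hotfixes": {"HOTFIX-A", "HOTFIX-B"}}

def evaluate_posture(report, policy, today):
    """Return ("admit" | "quarantine", reasons) for a self-reported posture.

    Fails closed: any missing or malformed field keeps the device quarantined.
    An "admit" only means the agent claimed conformance; a trojaned device
    can forge the report, so the result is not proof of a clean machine.
    """
    reasons = []
    if report.get("av_installed") is not True:
        reasons.append("antivirus not installed")
    elif report.get("av_enabled") is not True:
        reasons.append("antivirus not enabled")
    try:
        age = (today - date.fromisoformat(report.get("av_signature_date"))).days
    except (TypeError, ValueError):
        reasons.append("signature date missing or malformed")
    else:
        if age < 0:
            reasons.append("signature date is in the future")
        elif age > policy["max_signature_age_days"]:
            reasons.append(f"signatures {age} days old")
    hotfixes = report.get("hotfixes")
    if not isinstance(hotfixes, (list, set, tuple)):
        reasons.append("hotfix list missing")
    else:
        missing = sorted(policy["required_hotfixes"] - set(hotfixes))
        if missing:
            reasons.append("missing hotfixes: " + ", ".join(missing))
    return ("quarantine" if reasons else "admit"), reasons

# Constructed sample reports from three VPN clients.
TODAY = date(2003, 10, 9)
SAMPLES = {
    "laptop-ok": {"av_installed": True, "av_enabled": True,
                  "av_signature_date": "2003-10-06", "hotfixes": ["HOTFIX-A", "HOTFIX-B"]},
    "laptop-stale": {"av_installed": True, "av_enabled": True,
                     "av_signature_date": "2003-08-01", "hotfixes": ["HOTFIX-A"]},
    "pda-partial": {"av_installed": True},
}

if __name__ == "__main__":
    for name, rep in SAMPLES.items():
        print(name, *evaluate_posture(rep, POLICY, TODAY))
```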



