[Dshield] remote access question

Henry Hertz Hobbit hhhobbit at comcast.net
Sun Mar 6 19:01:26 GMT 2005


On Sat, 2005-03-05 at 08:04, Paul Marsh wrote:
> I'm looking for an automated solution that will scan my users remote
> system checking to make sure their AV is up to date and running along
> with scanning for any nasties before they gain VPN access.  I don't
> even know if there is such a solution out there but I'm sure the list
> will know.  Maybe I could run some sort of script that would redirects
> them to something like Trend House Call before?
>  
> Thanx, Paul   

Paul:

You didn't specify whether you wanted Free or Pay.  I suspect from your
question that you just want a simple solution for just a few VPN
clients.  If that is the case, somebody else's answer here is more
appropriate.

Symantec has a big pay solution:

http://enterprisesecurity.symantec.com/content/productlink.cfm

So does CheckPoint, who has acquired ZoneAlarm and has a product named
Integrity Agent.  ZoneAlarm is developing their own AV product.  I think
they are fighting an uphill battle.

http://tinyurl.com/52hmt
http://tinyurl.com/6oulq
http://tinyurl.com/4amof

Sophos, F-Secure, and the other AV vendors all have solution. and
SecurePoint has one specifically tailored to VPN:

http://www.securepoint.cc/

The one that is escaping me, was a very elegant solution that was being
where they had white paper showing the deployment of their integrated
solution at a university where they put their units literally in front
of access points for wireless, in addition to the wired connections.  If
your MAC address (which can be changed on Windows - a very stupid idea
in my opinion) didn't match it would drop the connection.  They
supported several AV packages and had client side software that would
report back to their server what your software AV package's DB level
was.  If you were not up to snuff, it redirected the machine to where it
would be brought up to date.  It supported all of the major AV vendors,
and I saw no reason it couldn't support all of them.  For some reason I
can't find them right now.  It may have not been appropriate for you
(overkill), but it dropped the university's virus infections to zero,
because if the system detected anomalies from a station, it quarantined
it much like CheckPoint's product did.  I am going to continue to look
for it for a little while.

Here is a page you can look at reviews of various other vendors that may
give you something appropriate:

http://robitron.dynip.com/vpn.html

HHH
-- 
Key Name:  "Henry Hertz Hobbit"
Key fingerprint = 924E BE61 1ACF B87A DCA9 009E E74C 183D 0164 F7D5




More information about the list mailing list