We've done some evaluations in the area. We have two problems to address
tho.
1) The standard problem everyone discusses here; people wanting to connect
to the internal network via their home DSL or Dialup connection. This is bad
enough.
2) People want to connect from within the internal network to a customer
site using a VPN (PPTP or IPSec) connection. This one scares me!
What we came up with is a combination of Sygate's personal firewall. It does
a few things right:
a) stops inbound traffic (whew! that's a start)
b) can be configured to stop outbound traffic from unknown (potentially
trojan) applications
c) can be configured to check with a corporate server to verify proper
policy is loaded
d) can be configured to send alerts and even portions of log files to a
central site
e) has a VPN enforcer, which allows you to stop traffic passing through it
which does not have the firewall loaded.
We figured at one point, however, one of the other personal firewall vendors
will leapfrog this company and then another and another and then Sygate will
be at the head of the pack again. So it is a matter of deciding which horse
to ride and ... riding it.
In fact, at a recent Checkpoint conference, I saw that Secure Client,
Checkpoint's offering, will provide similar features. (sigh).
Dan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
