> Word UP! > > We have people surfing the Internet and then connecting via VPN to our LAN. > The only solution as far is virusscanner and a electronic software > distribution. > That is what I think >
Well, Laptops should have a stck on them, that forces a RADIUS/CHAP or xEAP authentication to access the local network when they are brought onto a local LAN. Client VPN and dial-up users should also go through this method. Once authenticated, these connections should be diverted to a VLAN created just for these client machines. This VLAN would be screened from the regular user segment (which should itself be screened from production servers and development/test). Access to resources here would occur through proxies, and possibly remote terminal services. Yeah, right. I lnow... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
