Leeann,
>From looking at the responses you received, you have a lot
of reading to do. What you'll find though, is most of what
you read will be similar in nature(since policies should be
non-technical), but each company may implement them
in many varying ways.
By allowing VPN's into your secured site, your trusting
systems that you really have no control over, thus
reducing the security of your site.
As for the Secure Remote users, they/_you_ need to
understand that their laptops/remote desktops/home
computers are no safer once they have SR(or any
kind of VPN) installed. These kinds of communications
are just encrypted between the sites.
If you have a system that has been compromised and
you allow this system to access your 'secured' site over the
VPN link, you're just allowing the compromised system into
yours making it easier for the trojan/virus/cracker to do
their dirty work.
In other words, they/you still need to be very aware of what
they're connecting to, downloading, receiving email from,
etc. Teaching them about safe computing is always a
good thing. Not training them about the ills of the electronic
world will only make yours and many others' lives difficult.
There are many good sites for learning about the e-underworld.
Start with http://www.enteract.com/~lspitz, and branch out
from there.
I hope this helps.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Leeann Wilson <[EMAIL PROTECTED]> 6/27/00 11:38:19 PM >>>
>
>Thanks Kirk,
>
>we do have various security policies in place both computer and non-computer
>related. I just want to give our Secure Remtoe users something specific
>highlighting the importance of security whilst off-site.
>
>baseline huh? I'll look'm up.
>
>thx
>
>-----Original Message-----
>From: Greaser, Kirk N. [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, June 28, 2000 2:22 PM
>To: 'Leeann Wilson'; 'FW-1 Mailing list'
>Subject: RE: [FW1] Company Security Policy
>
>Leeann,
>
>Do you have a sec pol for your company? If not baseline software has a
>great book that you can use as a guide on how to plan for, prepare and
>rollout a sec pol. The book is about $500 and is called Information
>Security Policies Made Easy. It is worth every penny. Of course
>interfacing with legal is obviously a good idea too.
>
>What you are speaking of is just a small part of the greater need.
>
>-----Original Message-----
>From: Leeann Wilson [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, June 27, 2000 5:34 PM
>To: 'FW-1 Mailing list'
>Subject: [FW1] Company Security Policy
>
>Does anyone have some sort of company security policy for your secureremote
>users with regard to remote access? ie. if their notebook gets stolen, or
>they think their notebook has been compromised in some way, to contact
>helpdesk etc.
>
>thanks
>lee
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
