Keith,
For unauthorized application protection, check out Seventh Knight's
Officeware or z7 process authentication products. Essentially, they allow
the network administrator to create a network wide white list database of
executable code that requests kernel time (ie. .exe, .dll, .ocx, .scr and
on) and will then intercept calls to the kernel, verify it against the list
and only permit execution if it is authenticated. This product is very
useful for blocking unauthorized applications but also prevents zero day
attacks that may get past pattern based virus/attack protection products. If
your network maintains a fairly static number of applications, the only
administrative burden is the initial configuration. If you develop or test
a lot of new software, the burden of tracking and updating the code list can
become a significant burden.
Locking down laptops is another matter altogether. One method would be to
allow only TS/Citrix access to critical data and control access from there.
Another, and perhaps more practical, is to use VMWare's ACE to create a
secure image in which all mobile clients can operate with access to the data
and network but little or no I/O. Then there is the problem of theft. The
newly released Seagate FDE drives provide for transparent full disk
encryption so they are virtually impossible to decode in the event of theft
but add to the cost of the laptop. All in all, I completely agree that
mobile security is a general pain.
Michael
Michael Barry
Aspacia Systems Inc
866.566.9600
312.803.0730 fax
http://www.aspacia.com/
-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
Keith Mailloux
Sent: Wednesday, May 03, 2006 1:41 PM
To: vantage@yahoogroups.com
Subject: [Vantage] OT:Laptop support
We are starting to see more and more demand for laptop support in our
company. Prior to this increase, laptops were limited to IT people who
displayed a reasonable amount of caution and due diligence when coming and
going from the network. Now we have power users wanting to go mobile (our
worst nightmare). I would be curious as to how others are locking down
laptop capabilities (if you are) when off site and how you handle
synchronization. We have the full virus thing covered; we are most concerned
about unauthorized applications, synchronization and asset protection.
Also would be curious on remote access scenarios being used, we use various
solutions now but none are simple for non power user types (also now laptop
equipped). GoToMyPc is great but to lock down file transfer requires a more
expensive product with 20 user minimum.
Thanks
Keith Mailloux
Ferguson Perforating
[Non-text portions of this message have been removed]
Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
Yahoo! Groups Links
For unauthorized application protection, check out Seventh Knight's
Officeware or z7 process authentication products. Essentially, they allow
the network administrator to create a network wide white list database of
executable code that requests kernel time (ie. .exe, .dll, .ocx, .scr and
on) and will then intercept calls to the kernel, verify it against the list
and only permit execution if it is authenticated. This product is very
useful for blocking unauthorized applications but also prevents zero day
attacks that may get past pattern based virus/attack protection products. If
your network maintains a fairly static number of applications, the only
administrative burden is the initial configuration. If you develop or test
a lot of new software, the burden of tracking and updating the code list can
become a significant burden.
Locking down laptops is another matter altogether. One method would be to
allow only TS/Citrix access to critical data and control access from there.
Another, and perhaps more practical, is to use VMWare's ACE to create a
secure image in which all mobile clients can operate with access to the data
and network but little or no I/O. Then there is the problem of theft. The
newly released Seagate FDE drives provide for transparent full disk
encryption so they are virtually impossible to decode in the event of theft
but add to the cost of the laptop. All in all, I completely agree that
mobile security is a general pain.
Michael
Michael Barry
Aspacia Systems Inc
866.566.9600
312.803.0730 fax
http://www.aspacia.com/
-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
Keith Mailloux
Sent: Wednesday, May 03, 2006 1:41 PM
To: vantage@yahoogroups.com
Subject: [Vantage] OT:Laptop support
We are starting to see more and more demand for laptop support in our
company. Prior to this increase, laptops were limited to IT people who
displayed a reasonable amount of caution and due diligence when coming and
going from the network. Now we have power users wanting to go mobile (our
worst nightmare). I would be curious as to how others are locking down
laptop capabilities (if you are) when off site and how you handle
synchronization. We have the full virus thing covered; we are most concerned
about unauthorized applications, synchronization and asset protection.
Also would be curious on remote access scenarios being used, we use various
solutions now but none are simple for non power user types (also now laptop
equipped). GoToMyPc is great but to lock down file transfer requires a more
expensive product with 20 user minimum.
Thanks
Keith Mailloux
Ferguson Perforating
[Non-text portions of this message have been removed]
Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
Yahoo! Groups Links