Re: Dial up question
- From: Chuck <none@xxxxxxxxxxx>
- Date: Mon, 12 Dec 2005 15:53:48 -0800
On Sun, 11 Dec 2005 17:15:02 -0800, "S.Huang" <SHuang@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
>"Chuck" wrote:
>
>> On Thu, 8 Dec 2005 22:12:02 -0800, "S.Huang" <SHuang@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> wrote:
>>
>> >Is there a way to only allow company?s laptops to connect via dial-up and
>> >restrict home PC or any other computer from making the same connection via
>> >dial-up? It?s just a security concern that if computers other than the
>> >company?s computer is connected to the corporate network.
>> >
>> >Thanks
>>
>> Your query leaves me with several questions, and makes me wonder whether you
>> need the services of a skilled security technician, to develop a Corporate
>> Security Policy, including enforcement and penalty sections.
>>
>> Which of the following scenarios (or all of them) are you worried about?
>> 1) Employee takes laptop home, dials in to the Internet, allows other computers
>> to connect to it, and shares Internet access.
>> 2) Employee takes laptop home, allows other computers to connect to it, and
>> shares resources (in / out) maybe file sharing, with non-company computers.
>> 3) Employee sets up non-company computer, as laptop is setup, and uses that
>> computer instead of laptop to connect to company resources (not Internet).
>>
>> Which of these scenarios are you afraid that your employees are sufficiently
>> technically advanced, and interested, that they would do even if instructed by
>> Corporate Security Policy, to not do?
>>
>> In other words, have you explicitly instructed your employees NOT to do these
>> things, and are they sufficiently technically skilled and untrustworthy, that
>> they are likely to do them anyway?
>User uses ethernet to connect in the office with restricted acess and Active
>Directory is used.
>
>We have security policy implemented and the main concern is user setup their
>home PC as company laptop. After all it's not that difficult to setup a dial
>up account on a PC, all they need to know is the telephone number.
>
>what I am after is the way to ensure that employees can not or make it
>harder to breach the policy by enforcing restrictions on the actual dial-in
>connection. I was thinking is it possible to setup a certificate on the
>laptop and the dial-in server checks the certificate to allow or deny access?
Do you have Active Directory? If so, put the laptops in an AD container, and
deny dialup access to any other computers.
If not, a certificate would be one way to go. If the nuisance of installing
certificates on both the server and the clients isn't too much of a bother.
--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
.
- References:
- Re: Dial up question
- From: Chuck
- Re: Dial up question
- Prev by Date: Re: Home network setup problems pls help
- Next by Date: Windows XP connection limit (Real Issue)
- Previous by thread: Re: Dial up question
- Next by thread: Allow only one web page to access the internet
- Index(es):
Relevant Pages
|
