D-Link DFL-2500 User Guide - Page 228
End Point Security for Company-owned Computers
View all D-Link DFL-2500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 228 highlights
21.1. VPN Design Considerations 209 End Point Security for Company-owned Computers Important points that are often included in remote access policies include: • Anti-virus software is needed to be installed and updated through the remote connection. • Choose a multi-user operating system where the end user's capabilities may be restricted. • Do NOT set the VPN/dialup client to automatically remember shared secrets, dialup passwords, or certificates, unless access to such data is password protected using strong encryption. Any vendor claiming to be capable of securing such data without the user entering a password, using a smart card, or supplying any sort of information, is not telling the truth. • If the VPN client offers a method for remembering all passwords without having the user supply any information, disable that feature. If not, sooner or later, someone will check that checkbox, and if/when the portable computer is stolen, the thief has an open access route to the corporate network. • Apply and enforce the same policies as the in-house computers. Such policies usually include: - No software downloads from the Internet - No games - No lending the computer to friends and others • Schedule inspections of all portable/home computers to verify compliance with all of the above. This process can usually be automated to great extent and even carried out across the remote connection. A few simple script files will usually do to see that no additional software is installed and that registry keys containing values for remembering passwords etc have not been changed. • Keep data stored locally on portable computers to a minimum to reduce the impact of theft. This includes e-mail cache folders. Actually, it may be best if mail is read through a web gateway, since that leaves the least amount of files in local storage. D-Link Firewalls User's Guide