Posted by djc on October 5, 2006, 11:01 am
yep yep on the local admin thing. None of my users run with admin
privileges.
on the gpo thing. You mentioning being careful about filters between client
and DC brought up some questions:
1) would the windows firewall, by default, also apply to the 'vpn'
connection?
2) if the answer to 1 is no, can you make it apply to the vpn connection?
3) can you configure windows firewall rules separately for different network
adapters, including vpn?
> Hi,
>
> Malware will need administrative privileges to e.g. disable Windows
> Firewall. As long as your users are local administrators on their
> computers, malware will be able to do just about anything and it doesn't
> matter what firewall you install on the computer. So, first step in
> securing your clients is to make sure that users are not local
> administrators.
> Updating Group Policies over VPN depends mostly on VPN configuration and
> Group Policy settings. If you set it up correctly (be careful about
> filters between clients and domain controllers) they will be able to
> update group policy settings over VPN.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
>> Ya, I'm aware of it, but I was under the impression it would not suffice.
>> Not as robust as third party packages and too easily manipulated by
>> malicious code. That's what I'm told anyway. I guess you disagree with
>> that? Using GPO's is certainly a bonus, but would changes in GPO's be
>> picked up over VPN?
>>
>>> Hi,
>>>
>>> I can recommend you a firewall that comes with Windows XP SP2. You can
>>> even use group policy to configure it.
>>>
>>> --
>>> Mike
>>> Microsoft MVP - Windows Security
>>>
>>>> so far I have only had 'remote' users. By 'remote' I mean I have been
>>>> in control of the machine they are using *and* the network (home) they
>>>> are connecting from. I securely configure their home router, I supply
>>>> them with a company laptop that picks up our group policy before
>>>> leaving, has our company AV software, and is configured with a VPN
>>>> connection to our network. After connecting to VPN users RDP to their
>>>> desktops.
>>>>
>>>> I realize the setup I'm using now would not work for 'mobile' users
>>>> connecting from public wi-fi hotspots and such since I don't have
>>>> control of those networks. Is it just a matter of adding a good
>>>> host-based personal firewall into the mix? (if so, any recommendations
>>>> on what's currently a good one would be appreciated, it seems to change
>>>> every time I check)
>>>>
>>>> any input on this in general would be greatly appreciated.
>>>>