CharlieBrowne   6350 pts.  |   Oct 14 2009  4:52PM GMT

We have developers that work remotely.
They must use a company provided PC to get in and everyone has a must come in through the VPN

Pressler2904   2165 pts.  |   Oct 14 2009  8:44PM GMT

We are in the process of deploying our first truly mobile access solution in a small (150 node) network. As HIPAA is a primary concern here, there are major concerns with remote security. Although in (most? many?) organizations the use of a third party client (host - based) firewall is a requirement for anyone attempting to connect remotely, whether assigned by or installed by IT or chosen by the end user from a list of acceptable alternatives (and verified prior to the establishment of a RAS or VPN connection) the mindset here is truly (ease of use” oriented, disallowing all but the most rudimentary firewall (i.e.: Windows Firewall)

As a result, the use of a best practices design has allowed for some (so far) minor security incidents, but as the new process and procedures become more widespread in our organization, the threat profile is sure to increase.

The use of a company provided and configured device is part of our policies and procedures, but only recently so and there are several clients who have been and continue to use what amount to rogue devices to access our network. As I’m not the one who calls the shots, only the one who cleans up the messes left behind, the situation is quite frustrating… Keeps me busy (read: employed)…