Dan Ritter wrote:
> Everyone wants to connect their iPad or phone... so we got a
> cheap cable modem from Comcast, wired up a WiFi router, and
> let them play.

Good approach. Obviously it can also be implemented using appropriate
router/firewall/VLAN rules, rather than a physically separate WAN
connection.

> I can point to complete physical separation when the auditors
> come. That's worth more than the Comcast bill.

Sure, but aren't there dozens of other places in your infrastructure
where your security *is* dependent on firewall rules, and thus you still
need to assure the auditors of the integrity of those systems?

I bet when these "foreign" devices need access to the corporate network,
you're still using a VPN, which then makes the whole corporate LAN
accessible to the infected machine.

I get that it can be complicated to forward specific ports (via ssh or
otherwise), but never got why large corporations were always so willing
to completely open their internal networks to their employees' home
computers, and always preferred VPNs to port forwarding (which I find
far simpler to set up than a VPN client).

 -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/