We have actually implemented this in our environment and it has
worked fairly well. Instead of using the scripts that Microsoft
provides, however, we wrote our .NET-based client. When deploying the
VPN client you can have it run a program after signing on. The program
runs a few checks on the client and then sends the unquarantined string
to the server. Granted, if a client knew enough about the system they
could send their own code, but if you aren't worried about insider
sabotage then this solution might work for you. If you have any
questions feel free to ask; I'll gladly provide answers for whatever I
can.
Mike W.
-----Original Message-----
From: Matt Bazan [mailto:Mbazan (at) onelegal (dot) com]
Sent: Thursday, March 24, 2005 5:41 PM
To: focus-ms (at) securityfocus (dot) com
Subject: quarantine vpn clients
Hello,
Anybody out there using quarantining/policy enforcement
solutions with MS' VPNs? We run ISA 2004 and I see they have a
quarantine feature with limited functionality. I'd like something that
can be used to enforce a security policy on the client side. Ideas?
Thanks.