Kicking out the Laptops

Josh's Blog

Wednesday, March 1. 2006

Kicking out the Laptops

BP (an energy company) has decided to remove laptops off their LAN

http://software.silicon.com/security/0,39024655,39156608,00.htm

Ken Douglas, technology director of BP, told the UK Technology Innovation & Growth Forum in London on Monday that 18,000 of BP's 85,000 laptops now connect straight to the internet even when they're in the office.


When I first read this story I couldn't believe what they were doing, but after thinking about it a bit, this is a brilliant idea. If a user has a laptop, they should be able to work while not connected to the LAN, so little should change by forcing them to work remotely. As soon as a laptop leaves a controlled environment, such as a corporate LAN, it should never be reconnected to that LAN. This is a bit like finding a cake on the street. Are you going to eat it? Probably not.

I don't have any numbers, but I would not be surprised if most corporate virus and worm infections come from laptop users. This story has me reconsidering my current ideas on good network design. I'm now wondering what else can be segmented in a manner that won't impact productivity, but will increase security.
Posted by Josh Bressers in Security at 20:27 | Comment (1) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Yes that is pretty brilliant. At a previous place I was working, we were looking at a similar idea but hit too much management pushback. The idea was to put any new MAC (a MAC not seen within 2 hours) and put it on a dedicated VLAN. THis VLAN would give the box a DHCP address and the box would have to "prove" it was running latest corporate AV and had been cleaned. It would also do a quick probe to see if any bad ports were open (or open to knocking). Anything that failed the stink test got flagged and if it passed the switch would put it on the main vlan.

One idea was to put these boxes on a seperate LAN.. but too many people used laptops as their primary box and having them VPN back into corporate offices just pushed the problem to the VPN. In one year all but 2 of our infections had been caused by laptops or other travelling devices.
#1 Stephen Smoogen (Homepage) on 2006-03-02 14:31 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5


BBCode format allowed
 
 

Calendar

Back January '09
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

Quicksearch

Archives

January 2009
December 2008
November 2008
Recent...
Older...

Categories



All categories

Syndicate This Blog

Blog Administration

Open login screen

Powered by

Serendipity PHP Weblog