My query is about opening up access to the Internet in a sensitive
environment.
I recently met someone who wishes to give his employees access
to the Internet from their desktops, but the employees also have
some very sensitive financial information on their PCs and around
their current network. He is currently looking at putting a full firewall,
proxy server and filtering router in place to allow this access.
He's well aware that the systems have to be monitored and
maintained.
I'm fairly conservative about security and expressed some concerns
about the above set-up, so my questions are...
Given the sensitive nature of the environment, is the above set-up
enough?
Should Java and ActiveX be allowed past the proxy? If not, can they
be automatically removed? Just disabling them on the client is not good
enough.
One of my main fears is that allowing the connection without some
of the more "problematic" features will cause a problem later as
employees start to look and demand things like pushed data etc.
Bret