In today's market, the laptop community is taking over. It has been speculated that next year laptops will make up more than half of the computers sold in the US. To me, that sounds crazy, laptops? Just a couple years ago, nobody had laptops, they were large, heavy, slow, and very expensive. Now a days, the technology is such that a laptop can be an even better machine than the desktops you have at work. It will also weigh less than your wallet and will be just slightly larger.
The prices of laptops have come down drastically as well. Three years ago, a Dell 9100 with all the bells and whistles cost just under $5,000. In today's market, this machine would not even be purchased because of it's sheer density and, if it was, probably could fetch no more that $1,500. This is incredible.
The most common desktop model that we are seeing in corporate America is an empty desk with a power\network port to plug your laptop into when you arrive. No more large, hot, loud machines taking up three quarters of the desk. This also gives the executive the freedom to "work from home". This is my favorite phrase, a Utopian idea. The thought that people can just dial into the network and perform their tasks from home is one that excites me, but the thought of all that work crossing those lines makes me worry about security.
How do your laptops maintain security?
The RAS Security model is a three layered model that should guarantee integrity as well as maintain policy for dial up users.
The first layer of the security is a layer of condition statements. This layer is based on any number of conditions that can be time of day, time zone, network generating request, IP generating request, phone number, etc.
The second layer decided whether or not you should be granted access based on the results of the condition statements in the first layer of security.
The third layer is the assignment of policy to the requestor. Based on the information that you input and what it resolves on the RAS server, you will be granted a set of permissions (access, e-mail, internet service, etc).
It is advised that you tune the security of your RAS server as some of the defaults are a little shaky. An example of this is that, by default, the policy for RAS will allow any to connect on days that end in the letter "Y". The last time I checked, this was every day in the week, probably not what you want to allow.
There are three actions that the RAS server can take when it receives a request. It can:
1. Grant access to the requestor.
2. Deny access to the requestor.
3. Offset this decision to a remote access policy.
The third of these options requires that you have a native Windows 2000 environment or a standalone Win2K RAS server. In this case, RAS will check to see whether the "Grant Remote Access Permission" is selected in the remote access policy.
Let me know if you have any good security tips for dial up users.