The rapid deployment of security patches and anti-virus updates has become a basic need within most IT organizations. The time between the disclosure of a vulnerability and its exploitation continues to decrease, while vulnerabilities are becoming easier to exploit and increasingly severe. Locally enforcing security policy on a large number of computers can be a challenge, but keeping remote (VPN or dial-up connected) computers up to date can prove even more difficult. This case study examines some options available to organizations for providing remote access to users without over-extending the perimeter. Five alternatives for enforcing policy on remote users at the perimeter are analyzed to determine whether and how the following questions are addressed. Does the remote computer have up-to-date virus protection? Have the latest security patches been applied? Is a certain piece of software installed or not installed? Is the software firewall configured with the current rule set? The alternatives examined in this case study address most of these questions, but each has its pros and cons, and each product takes a different focus and approach to addressing them.