D-Link DFL-1600 User Manual page 229

Network security firewall

21.1. VPN Design Considerations
End Point Security for Company-owned Computers
Important points that are often included in remote access policies include:
- Anti-virus software must be installed and updated through the remote
  connection.
- Choose a multi-user operating system where the end user's
  capabilities may be restricted.
- Do NOT set the VPN/dialup client to automatically remember
  shared secrets, dialup passwords, or certificates, unless access to such
  data is password protected using strong encryption.
  Any vendor claiming to be capable of securing such data without the
  user entering a password, using a smart card, or supplying any sort of
  information, is not telling the truth.
- If the VPN client offers a method for remembering all passwords
  without having the user supply any information, disable that feature.
  If not, sooner or later, someone will check that checkbox, and if/when
  the portable computer is stolen, the thief has an open access route to
  the corporate network.
- Apply and enforce the same policies as for the in-house computers. Such
  policies usually include:
  - No software downloads from the Internet
  - No games
  - No lending the computer to friends and others
- Schedule inspections of all portable/home computers to verify
  compliance with all of the above. This process can usually be
  automated to a great extent and even carried out across the remote
  connection. A few simple script files will usually do to see that no
  additional software is installed and that registry keys containing
  values for remembering passwords, etc., have not been changed.
- Keep data stored locally on portable computers to a minimum to
  reduce the impact of theft. This includes e-mail cache folders.
  Actually, it may be best if mail is read through a web gateway, since
  that leaves the fewest files in local storage.
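
The scripted inspection described above, as an added example (not part of the D-Link manual): it parses the output of the Windows `reg query <key> /s` command collected from a laptop, then reports software that is not on an approved list and baseline registry values that have changed. The `ExampleVPN` key, its `SavePassword` value, the product names and the sample output are constructed placeholders.

```python
import re

# Constructed sample of `reg query <key> /s` output from one laptop.
# "ExampleVPN" and its SavePassword value are hypothetical placeholders.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleVPN
    DisplayName    REG_SZ    ExampleVPN Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleAV
    DisplayName    REG_SZ    Example Anti-Virus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0000-GAME}
    DisplayName    REG_SZ    Example Card Game

HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVPN\Client
    SavePassword    REG_DWORD    0x1
"""

UNINSTALL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
APPROVED_SOFTWARE = {"ExampleVPN Client", "Example Anti-Virus"}
# Baseline: (key, value name) -> data that must be present on every laptop.
REQUIRED_VALUES = {(r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVPN\Client", "SavePassword"): "0x0"}

VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def parse_reg_query(text):
    """Return {key: {value_name: data}} from `reg query /s` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return keys

def audit(text):
    """List policy violations: unapproved software and changed baseline values."""
    keys = parse_reg_query(text)
    findings = []
    for key, values in sorted(keys.items()):
        name = values.get("DisplayName")
        if key.upper().startswith(UNINSTALL.upper() + "\\") and name and name not in APPROVED_SOFTWARE:
            findings.append(f"unapproved software: {name}")
    found = {k.upper(): v for k, v in keys.items()}  # registry key paths are case-insensitive
    for (key, value), expected in REQUIRED_VALUES.items():
        actual = found.get(key.upper(), {}).get(value)  # a missing value counts as a change
        if actual is None or actual.lower() != expected.lower():
            findings.append(f"{key}\\{value}: expected {expected}, found {actual}")
    return findings
```

An empty result from `audit()` means the snapshot matches the baseline; a missing key or value is reported rather than silently passed.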
D-Link Firewalls User's Guide
209
