Hello,
I hope you can help me with the following request from our security department or tell me what you would suggest to improve in this scenario.
Currently, clients that are in a "public network" (home/hotels/partner side) do not have very strict firewall rules. However, our security management wants to block all kinds of file sharing. For this, we already blocked USB/SD/mobile devices on our clients. When you are at home, for example, you could simply connect to your private NAS and copy all kinds of data. I don't think that you can block this by blocking specific ports, because you can also access your NAS system via browsers and normal http/https. Also, you are not surfing over any kind of proxy when you are in a public network.
One idea was to block the access as a whole like this:
Client is in a public network --> Block all connections except some company sites and the VPN connection.
When you are connected over VPN everything should work like before as you are using the internal network/proxy now.
This could work in theory, but how could we allow additional websites like hotel WLAN sites etc., and what else should we consider?
Thanks and Regards