norton firewall (what ever the newer one is). These laptops are used for our sales guys. When they are in the office they are on a domain and the firewall turns itself off. On the road, the firewall turns its self on. The only thing that they use that needs the interent is IE
I guess what i'm asking are there any windows components that have to access the internet if you are using a interenet connection. I havent worked on this project in about a month, but i recall trying to only allow traffice on port 80 and I couldnt get IE to connect.
This would be for both incoming and outgoing ports.
i dont know if that norton thing does stateful inspection, because if it does, you can simply just block all incoming, and only allow out ports 80 and possibly 25 if they need to send mail (should be using webmail on the road anyways) and keep state on outgoing connections so they are allowed back in, and ta da semi locked down...then you still have to deal with the fact that there are so many IE vulns released all the time, that you really have not improved your security that much for the travelling users, as they might be jumping to network segments where there are viruses / worms abound.
They will use citrix (nfuse) to access their email. I wish i could get the company to use firefox, as it wold help. I have allready done some testing this morning. And IE wont connect unless a 20 other ports are open. I'll make a list when i get back in the office.