Safe Surfing from Regional Office?
Posted on 2014-04-24
We have a WAN link from headquarters to a regional office.
All internet surfing normally travels over the WAN to HQ, goes through our proxy ISA/GFI server where traffic is scanned. Downloading certain file types is blocked and we feel much safer having everyone surf through that proxy.
The regional office also has a cable modem so visitors can surf the internet via wifi.
Our security policy prohibits connecting any of our traveling laptops to the LAN.
In the unlikely event that our WAN is down, we'd like to leverage the cable modem at the regional office to allow our LAN users to use OWA over the internet.
Though we briefly entertained buying some USB wireless adapters so the desktops could reach the internet via wifi if the WAN was down. Our concern is that they would be less secure because the traffic would not be scanned by our proxy ISA / GFI server. If someone got infected, they could infect other folks on the LAN.
What's the best option to provide emergency access to the internet without reducing our security?
One option, if it's possible might be to plug the cable modem into the WAN port of a cheap router, then configure the router to only allow access to our OWA site. Then connect that somehow to our LAN. Of course we'd need to have each client go into internet options and remove the reference to our proxy server. When the emergency is over, we'd need to disconnect the temporary cable modem/router and have our clients enter the proxy server so they can surf the regular way.
Are there other options? Are there any dedicated devices which block internet threats beyond what a traditional file-scanning anti-virus app might do?
Any thoughts would be very much appreciated,