Zotob and laptop security
Hopefully this whole Zotob worm episode will help break down the sense of security developed by IT departments who believe their big, shiny firewalls will protect them from nasty bugs like this. I’ve read some speculation that it was reporters’ laptops, compromised in the field, which proceeded to assault their home networks when brought back behind the network’s defenses.
It’s not obvious (to me) how the networks might have defended themselves against this previously unknown threat without some sort of severe “laptop quarantine” for returning travelers. Even those networks which place Wi-Fi devices outside the firewall and require VPN access would likely have allowed SMB-over-TCP traffic [port 445, the Zotob attack vector] through the VPN.
What’s the current best practice for re-securing laptops returning home without seriously inconveniencing users?