|
Posted by Todd H. on July 23, 2005, 10:14 pm
If you were Registered and logged in, you could reply and use other advanced thread options
phwashington@attbi.com writes:
> Any ideas on a more secure way of treating laptops which are plugged
> into a LAN. Currently our users can take there laptops home/business
> trip and then they can come back in and plug into the network. Any
> suggestions on something that might be more secure: Maybe requiring
> them to plug into a seperate LAN with a gateway between LANS that
> searches for trojans or viruses being passed to a other computers or
> file servers. Does anybody sell a router like this that could be
> plugged into a user cubicle or office and then the user plugs into the
> other end of the system?
>
> Or maybe I need to set all the laptop ports up as a seperate network
> and run them through a gateway with antivirus and IDS?
This is an issue that needs a policy+technology answer vs just a
technology answer.
Mandating that every laptop must be running tested and approved
antivirus + personal firewall combination that is updated, using
policies pushed from a central server, and that machines be configured
for such things as sufficiently strong and sufficiently updated
passwords, fileshares locked down, and things of the like are your
best protection against mobile users bringing nasties into your
network.
Keeping desktop machines firewalled on separate networks from "server"
machines is a good idea when practical. Traffic analysis of LAN
traffic for trojan or virus related network traffic is also a good
idea in the spirit of defense in depth.
Best Regards,
--
Todd H.
http://www.toddh.net/
| 
XML site map