how can protect against a unknown computer behind the firewall

Posted on 2006-05-15
Last Modified: 2013-12-04
Often customers or vendors will bring there laptops in and try to connect to the Internet.   The problem is I am seldom told when this occurs and I would like to at least verify the laptop is not a threat before it is connected to the network. I have basics covered like disabling the guest account and I am aware they would not be part of the domain. But is there anything else I can do? I have looked at options  like HP's Identitiy manager but it's very expensive and a little bit of overkill.

Question by:Jeff959
    LVL 51

    Accepted Solution

    What is your outgoing security policy currently? Do you have a proxy server or similar between your network and the Internet?

    Products such as ISA server, websense, surf control etc allow you to validate outgoing traffic through Active Directory groups for example. ie Not an authenticated user, no Internet.

    MS has a 6 month trial download of the ISA2006 beta version at the moment if you wanted to give it a try.


    LVL 12

    Assisted Solution

    Have you looked at Network Access Quarantine?  As described here:

    Part 1 -
    Part 2 -

    This allows you to tightly control which machines may or may not connect to your network based on pre-defined criteria.

    Hope this helps.
    LVL 52

    Assisted Solution

    The laptop owners have no access to any domain shares. If your workstations are fully patched and don't offer services to the network that are flawed with exploits, than it is hard for an "outsider" to infiltrate your network, even if that laptop is a compromised wormkeeper.
    New stations can be spotted by arpwatch or something similar, have Google go for arpwatch.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Thanks jeff.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free camera licenses with purchase of My Cloud NAS

    Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

    As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
    Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now