kevotron
 asked on

Laptop connecting to Win2k3 Domain - How to secure?

I have a user that just came to our organization from another company and he is bringing his own laptop. His machine was filled with viruses/spyware, and after a good two days trying to remove it all, I finally told him let's just reinstall XP. We have laptop users who connect to our off network, so I don't have to worry about them hurting any machines in our WIN2k3 domain. This new user is really pushing to have me connect him to our domain once I reinstall Windows, and I am hesitant given the state of his machine when he arrived. My question is what methods are used to allow traveling users to connect to a domain. I have never really had to do it in the past and am not sure how others go about handling this. We have Trend Micro server suite as our organization's antivirus solution. Ideas?
OS Security

Last Comment
Rich Rumble

8/22/2022 - Mon
Busbar

You have to use a third party for that, like SurfControl.
If you use ISA 2004/2006, you can use the VPN quarantine feature.
Also, a centralized AV with regular scans will help you out.
kevotron

ASKER
I guess I may not have been completely clear. I guess I need to know how companies that have laptop users coming and going between the domain and wherever protect themselves. Would Trend Micro Server suite be adequate? Is a centralized corporate antivirus setup like what I have sufficient?
ASKER CERTIFIED SOLUTION
Busbar

Busbar

By the way, it is WSUS or SMS 2003 :)
Rich Rumble

No, what you want to do is keep the visitor off your networks, and allow them to use the internet connection only, and perhaps a printer. It's too much of a hassle for you to install something and/or scan a PC before you allow them on the network. A DMZ and/or a simple VLAN can solve the issue for you. What sort of networking equipment do you have: firewall, router, switch? http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29

If this person needs more access than that, then force them to bring the software he/she needs, and you can provide them with a trusted PC. If you need some sample policies and templates to this effect (which can help with clarifying HIPAA and SOX compliance) have a look here: http://www.sans.org/resources/policies/#template

Above all else, don't join them to your domain; make them understand your Acceptable Usage policies while they are using your network and/or equipment.
-rich