kevotron

Laptop connecting to Win2k3 Domain - How to secure?

I have a user that just came to our organization from another company and he is bringing his own laptop. His machine was filled with viruses/spyware, and after a good two days trying to remove it all, I finally told him, let's just reinstall XP. We have laptop users who connect to our off network, so I don't have to worry about them hurting any machines in our WIN2k3 domain. This new user is really pushing to have me connect him to our domain once I reinstall Windows, and I am hesitant given the state of his machine when he arrived. My question is what methods are used to allow traveling users to connect to a domain. I have never really had to do it in the past and am not sure how others go about handling this. We have Trend Micro server suite as our organization's antivirus solution. Ideas?
Busbar

You have to use a third party for that, like SurfControl.
If you use ISA 2004/2006, you can use the VPN quarantine feature.
Also, a centralized AV with regular scans will help you out.
kevotron

ASKER

I guess I may not have been completely clear. I guess I need to know how companies that have laptop users coming and going between the domain and wherever protect themselves. Would Trend Micro Server suite be adequate? Is a centralized corporate antivirus setup like what I have sufficient?
ASKER CERTIFIED SOLUTION
Busbar

This solution is only available to members.
By the way, it is WSUS or SMS 2003 :)
Rich Rumble

No, what you want to do is keep the visitor off your networks, and allow them to use the internet connection only, and perhaps a printer. It's too much of a hassle for you to install something, and/or scan a PC before you allow them on the network. A DMZ and/or a simple VLAN can solve the issue for you. What sort of networking equipment do you have: firewall, router, switch? http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29

If this person needs more access than that, then force them to bring the software he/she needs, and you can provide them with a trusted PC. If you need some sample policies and templates to this effect (which can help with clarifying HIPAA and SOX compliance), have a look here: http://www.sans.org/resources/policies/#template

Above all else, don't join them to your domain; make them understand your Acceptable Usage policies while they are using your network and/or equipment.
-rich