Solved

antivirus solution for wireless network

Posted on 2013-12-17
6
484 Views
Last Modified: 2013-12-21
Hi Experts,

Our company allows users to bring their own laptop to work and connect to our network via wireless.  I want to know if there is a solution or best solution to scan their pc to make sure the pc equips the good antivirus software with current definition file before allowing it to connect to our wireless network.

We have Windows 2003 network.

Thank you very much in advance.

EN
0
Comment
Question by:EnjoyNet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 70 total points
ID: 39724986
If their computer is set up correctly, you should not be able to access their computer to scan it without their login.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 70 total points
ID: 39725063
Typically with that type of situation I would setup a guest network that is isolated from the environment so its just internet for personal devices.  If they want to get viruses on them that's fine and it will not affect the network.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 100 total points
ID: 39726661
BYOD (bring your own device) is a bad idea from the security perspective. You can't think of it like people who push NAC do. Being fully-patched, and having AV installed is great, makes you feel secure, but it means nothing if you have been an admin for more than 1-2 years, you'd know that patches and AV do not a secure system make. What about a user with a VPN or Remote Desktop service running on their computer. They brought it in, passed the AV checks, they left for the night. Their remote desktop app is cloud based, and uses the password of "pass1234", now you've got some "hacker" (I use the term loosely) in your network looking around because you are not in charge of that PC, you have no rights on that PC. The NAC folks claim to allow you to have control, to force users to install their client, but it's the middle of the night, and that program sets off no flags, it's a well respected application in fact. NAC doesn't help you secure your network, it only makes you feel that way.
Then there are the more common problems however with BYOD. Users who use bittorrent, usenet, warez and other sharing protocols. There are legit uses for them, but 90% of the use is considered copyright infringement of music/video/software etc... Next week your ISP is subpenaed and tells them the traffic is coming from you're company.

Do everything you can to prevent BYOD. NAC is better at preventing BYOD that it is at allowing it. You should have a guest vlan as pointed out above, and those guests should not be allowed to access anything other than the internet. If you want security, that's how it has to be. If you think you'll be lucky and not have something like the above happen to you, me and the others out there in the consulting business are happy to take you're money in a few months :)

Mobile devices aren't productive for more than a casual email/response. And you can allow them to access the internet and use webmail/owa like everyone else does when they are remote. Users laptops can't be trusted, they have to remain in the guest network, with access to the internet.

I am jaded. I deal with this day in and day out. I look for ways so this isn't the case, but currently this is the case. Ask any College/Library or Hotel network administrator, the users machines can't be trusted, you can only give them access to the internet at best.

Also note, that once you've allowed them onto your network, if they disable their AV or if something does, how will you kick them off again?
-rich
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 60 total points
ID: 39732496
It is here:
http://technet.microsoft.com/en-us/network/bb545879.aspx
It communicates with backdoor agent on windows machine to see that they have patch installed and viruses available.
0
 

Author Closing Comment

by:EnjoyNet
ID: 39732535
Thank you very much for your sharing and advice.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39733494
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Virus Kronos 4 113
Roguekiller has no option of deleting 19 158
My Asus router (with Trend Micro on it) says a certain web site may have malware on it 4 100
FSRREMOS 7 59
Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question