Solved

antivirus solution for wireless network

Posted on 2013-12-17
6
483 Views
Last Modified: 2013-12-21
Hi Experts,

Our company allows users to bring their own laptop to work and connect to our network via wireless.  I want to know if there is a solution or best solution to scan their pc to make sure the pc equips the good antivirus software with current definition file before allowing it to connect to our wireless network.

We have Windows 2003 network.

Thank you very much in advance.

EN
0
Comment
Question by:EnjoyNet
6 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 70 total points
ID: 39724986
If their computer is set up correctly, you should not be able to access their computer to scan it without their login.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 70 total points
ID: 39725063
Typically with that type of situation I would setup a guest network that is isolated from the environment so its just internet for personal devices.  If they want to get viruses on them that's fine and it will not affect the network.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 100 total points
ID: 39726661
BYOD (bring your own device) is a bad idea from the security perspective. You can't think of it like people who push NAC do. Being fully-patched, and having AV installed is great, makes you feel secure, but it means nothing if you have been an admin for more than 1-2 years, you'd know that patches and AV do not a secure system make. What about a user with a VPN or Remote Desktop service running on their computer. They brought it in, passed the AV checks, they left for the night. Their remote desktop app is cloud based, and uses the password of "pass1234", now you've got some "hacker" (I use the term loosely) in your network looking around because you are not in charge of that PC, you have no rights on that PC. The NAC folks claim to allow you to have control, to force users to install their client, but it's the middle of the night, and that program sets off no flags, it's a well respected application in fact. NAC doesn't help you secure your network, it only makes you feel that way.
Then there are the more common problems however with BYOD. Users who use bittorrent, usenet, warez and other sharing protocols. There are legit uses for them, but 90% of the use is considered copyright infringement of music/video/software etc... Next week your ISP is subpenaed and tells them the traffic is coming from you're company.

Do everything you can to prevent BYOD. NAC is better at preventing BYOD that it is at allowing it. You should have a guest vlan as pointed out above, and those guests should not be allowed to access anything other than the internet. If you want security, that's how it has to be. If you think you'll be lucky and not have something like the above happen to you, me and the others out there in the consulting business are happy to take you're money in a few months :)

Mobile devices aren't productive for more than a casual email/response. And you can allow them to access the internet and use webmail/owa like everyone else does when they are remote. Users laptops can't be trusted, they have to remain in the guest network, with access to the internet.

I am jaded. I deal with this day in and day out. I look for ways so this isn't the case, but currently this is the case. Ask any College/Library or Hotel network administrator, the users machines can't be trusted, you can only give them access to the internet at best.

Also note, that once you've allowed them onto your network, if they disable their AV or if something does, how will you kick them off again?
-rich
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 60 total points
ID: 39732496
It is here:
http://technet.microsoft.com/en-us/network/bb545879.aspx
It communicates with backdoor agent on windows machine to see that they have patch installed and viruses available.
0
 

Author Closing Comment

by:EnjoyNet
ID: 39732535
Thank you very much for your sharing and advice.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39733494
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question