Solved

antivirus solution for wireless network

Posted on 2013-12-17
6
482 Views
Last Modified: 2013-12-21
Hi Experts,

Our company allows users to bring their own laptop to work and connect to our network via wireless.  I want to know if there is a solution or best solution to scan their pc to make sure the pc equips the good antivirus software with current definition file before allowing it to connect to our wireless network.

We have Windows 2003 network.

Thank you very much in advance.

EN
0
Comment
Question by:EnjoyNet
6 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 70 total points
ID: 39724986
If their computer is set up correctly, you should not be able to access their computer to scan it without their login.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 70 total points
ID: 39725063
Typically with that type of situation I would setup a guest network that is isolated from the environment so its just internet for personal devices.  If they want to get viruses on them that's fine and it will not affect the network.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 100 total points
ID: 39726661
BYOD (bring your own device) is a bad idea from the security perspective. You can't think of it like people who push NAC do. Being fully-patched, and having AV installed is great, makes you feel secure, but it means nothing if you have been an admin for more than 1-2 years, you'd know that patches and AV do not a secure system make. What about a user with a VPN or Remote Desktop service running on their computer. They brought it in, passed the AV checks, they left for the night. Their remote desktop app is cloud based, and uses the password of "pass1234", now you've got some "hacker" (I use the term loosely) in your network looking around because you are not in charge of that PC, you have no rights on that PC. The NAC folks claim to allow you to have control, to force users to install their client, but it's the middle of the night, and that program sets off no flags, it's a well respected application in fact. NAC doesn't help you secure your network, it only makes you feel that way.
Then there are the more common problems however with BYOD. Users who use bittorrent, usenet, warez and other sharing protocols. There are legit uses for them, but 90% of the use is considered copyright infringement of music/video/software etc... Next week your ISP is subpenaed and tells them the traffic is coming from you're company.

Do everything you can to prevent BYOD. NAC is better at preventing BYOD that it is at allowing it. You should have a guest vlan as pointed out above, and those guests should not be allowed to access anything other than the internet. If you want security, that's how it has to be. If you think you'll be lucky and not have something like the above happen to you, me and the others out there in the consulting business are happy to take you're money in a few months :)

Mobile devices aren't productive for more than a casual email/response. And you can allow them to access the internet and use webmail/owa like everyone else does when they are remote. Users laptops can't be trusted, they have to remain in the guest network, with access to the internet.

I am jaded. I deal with this day in and day out. I look for ways so this isn't the case, but currently this is the case. Ask any College/Library or Hotel network administrator, the users machines can't be trusted, you can only give them access to the internet at best.

Also note, that once you've allowed them onto your network, if they disable their AV or if something does, how will you kick them off again?
-rich
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 60 total points
ID: 39732496
It is here:
http://technet.microsoft.com/en-us/network/bb545879.aspx
It communicates with backdoor agent on windows machine to see that they have patch installed and viruses available.
0
 

Author Closing Comment

by:EnjoyNet
ID: 39732535
Thank you very much for your sharing and advice.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39733494
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question