Solved

antivirus solution for wireless network

Posted on 2013-12-17
6
477 Views
Last Modified: 2013-12-21
Hi Experts,

Our company allows users to bring their own laptop to work and connect to our network via wireless.  I want to know if there is a solution or best solution to scan their pc to make sure the pc equips the good antivirus software with current definition file before allowing it to connect to our wireless network.

We have Windows 2003 network.

Thank you very much in advance.

EN
0
Comment
Question by:EnjoyNet
6 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 70 total points
Comment Utility
If their computer is set up correctly, you should not be able to access their computer to scan it without their login.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 70 total points
Comment Utility
Typically with that type of situation I would setup a guest network that is isolated from the environment so its just internet for personal devices.  If they want to get viruses on them that's fine and it will not affect the network.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 100 total points
Comment Utility
BYOD (bring your own device) is a bad idea from the security perspective. You can't think of it like people who push NAC do. Being fully-patched, and having AV installed is great, makes you feel secure, but it means nothing if you have been an admin for more than 1-2 years, you'd know that patches and AV do not a secure system make. What about a user with a VPN or Remote Desktop service running on their computer. They brought it in, passed the AV checks, they left for the night. Their remote desktop app is cloud based, and uses the password of "pass1234", now you've got some "hacker" (I use the term loosely) in your network looking around because you are not in charge of that PC, you have no rights on that PC. The NAC folks claim to allow you to have control, to force users to install their client, but it's the middle of the night, and that program sets off no flags, it's a well respected application in fact. NAC doesn't help you secure your network, it only makes you feel that way.
Then there are the more common problems however with BYOD. Users who use bittorrent, usenet, warez and other sharing protocols. There are legit uses for them, but 90% of the use is considered copyright infringement of music/video/software etc... Next week your ISP is subpenaed and tells them the traffic is coming from you're company.

Do everything you can to prevent BYOD. NAC is better at preventing BYOD that it is at allowing it. You should have a guest vlan as pointed out above, and those guests should not be allowed to access anything other than the internet. If you want security, that's how it has to be. If you think you'll be lucky and not have something like the above happen to you, me and the others out there in the consulting business are happy to take you're money in a few months :)

Mobile devices aren't productive for more than a casual email/response. And you can allow them to access the internet and use webmail/owa like everyone else does when they are remote. Users laptops can't be trusted, they have to remain in the guest network, with access to the internet.

I am jaded. I deal with this day in and day out. I look for ways so this isn't the case, but currently this is the case. Ask any College/Library or Hotel network administrator, the users machines can't be trusted, you can only give them access to the internet at best.

Also note, that once you've allowed them onto your network, if they disable their AV or if something does, how will you kick them off again?
-rich
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 61

Assisted Solution

by:gheist
gheist earned 60 total points
Comment Utility
It is here:
http://technet.microsoft.com/en-us/network/bb545879.aspx
It communicates with backdoor agent on windows machine to see that they have patch installed and viruses available.
0
 

Author Closing Comment

by:EnjoyNet
Comment Utility
Thank you very much for your sharing and advice.
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now