?
Solved

antivirus solution for wireless network

Posted on 2013-12-17
6
Medium Priority
?
486 Views
Last Modified: 2013-12-21
Hi Experts,

Our company allows users to bring their own laptop to work and connect to our network via wireless.  I want to know if there is a solution or best solution to scan their pc to make sure the pc equips the good antivirus software with current definition file before allowing it to connect to our wireless network.

We have Windows 2003 network.

Thank you very much in advance.

EN
0
Comment
Question by:EnjoyNet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 280 total points
ID: 39724986
If their computer is set up correctly, you should not be able to access their computer to scan it without their login.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 280 total points
ID: 39725063
Typically with that type of situation I would setup a guest network that is isolated from the environment so its just internet for personal devices.  If they want to get viruses on them that's fine and it will not affect the network.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 400 total points
ID: 39726661
BYOD (bring your own device) is a bad idea from the security perspective. You can't think of it like people who push NAC do. Being fully-patched, and having AV installed is great, makes you feel secure, but it means nothing if you have been an admin for more than 1-2 years, you'd know that patches and AV do not a secure system make. What about a user with a VPN or Remote Desktop service running on their computer. They brought it in, passed the AV checks, they left for the night. Their remote desktop app is cloud based, and uses the password of "pass1234", now you've got some "hacker" (I use the term loosely) in your network looking around because you are not in charge of that PC, you have no rights on that PC. The NAC folks claim to allow you to have control, to force users to install their client, but it's the middle of the night, and that program sets off no flags, it's a well respected application in fact. NAC doesn't help you secure your network, it only makes you feel that way.
Then there are the more common problems however with BYOD. Users who use bittorrent, usenet, warez and other sharing protocols. There are legit uses for them, but 90% of the use is considered copyright infringement of music/video/software etc... Next week your ISP is subpenaed and tells them the traffic is coming from you're company.

Do everything you can to prevent BYOD. NAC is better at preventing BYOD that it is at allowing it. You should have a guest vlan as pointed out above, and those guests should not be allowed to access anything other than the internet. If you want security, that's how it has to be. If you think you'll be lucky and not have something like the above happen to you, me and the others out there in the consulting business are happy to take you're money in a few months :)

Mobile devices aren't productive for more than a casual email/response. And you can allow them to access the internet and use webmail/owa like everyone else does when they are remote. Users laptops can't be trusted, they have to remain in the guest network, with access to the internet.

I am jaded. I deal with this day in and day out. I look for ways so this isn't the case, but currently this is the case. Ask any College/Library or Hotel network administrator, the users machines can't be trusted, you can only give them access to the internet at best.

Also note, that once you've allowed them onto your network, if they disable their AV or if something does, how will you kick them off again?
-rich
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 240 total points
ID: 39732496
It is here:
http://technet.microsoft.com/en-us/network/bb545879.aspx
It communicates with backdoor agent on windows machine to see that they have patch installed and viruses available.
0
 

Author Closing Comment

by:EnjoyNet
ID: 39732535
Thank you very much for your sharing and advice.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39733494
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question