Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Virus protection on guest laptops

Posted on 2014-11-23
5
Medium Priority
?
201 Views
Last Modified: 2014-12-03
We have antivirus on our computers on our LAN.  However, we have guest laptops that connect to our network.  Is there any way to protect our network from infected laptops that hook up to our guest internet?
0
Comment
Question by:al4629740
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:andreas
ID: 40461450
You might not allow thr guest Laptops to ANY Lan port of your network. I would suggest to set up a seperate LAN for the laptops and marking the LAN ports in the rooms accordingly.

This Laptop-LAN needs to be seperated by firewall rules from your work-LAN. Best is to only allow internet for the guest-LAN via Proxies for the protocols needed.

If you connect the laptops into your current  LAN its not possible to protect you from all issues the laptops might bring.
1. There might be new malware NO AV-scanner is able to detect now.
2. The laptops might try to divert traffic via arp-spoofing to perform man in the middle attacks.
3. The laptops might run own DHCP and DNS -servers to distribute false network configs, could be used for man in the middle too.
4. Laptops might start to brute force account passwords. In coorportate LANs the PCs usually trust the other PCs in the same lan and the windows firewall wont block login attempts.
0
 

Author Comment

by:al4629740
ID: 40462016
What about putting them behind another separate router?
0
 
LVL 12

Expert Comment

by:andreas
ID: 40462933
Would be possible IF the 2nd router blocks access to the IPs in the 1st subnet that is located on its WAN side. just route packets out and in to the internet but block the access to the subnet that your first router has as the LAN.
0
 

Author Comment

by:al4629740
ID: 40464685
Yes.  If that is the case, would that secure against most threats?
0
 
LVL 12

Accepted Solution

by:
andreas earned 2000 total points
ID: 40465211
it would offer a good level of protection. But if you install proxy servers, as I suggested in my first post(that proxy only the protocols you want to allow for guests) the protection would be much more high.

Mark there is no 100% secure system. Holes might always be there (e.g. in the 2nd router you want to put) and thus the internal network can again attack your work environment.
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question