• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

Virus protection on guest laptops

We have antivirus on our computers on our LAN.  However, we have guest laptops that connect to our network.  Is there any way to protect our network from infected laptops that hook up to our guest internet?
0
al4629740
Asked:
al4629740
  • 3
  • 2
1 Solution
 
andreasSystem AdminCommented:
You might not allow thr guest Laptops to ANY Lan port of your network. I would suggest to set up a seperate LAN for the laptops and marking the LAN ports in the rooms accordingly.

This Laptop-LAN needs to be seperated by firewall rules from your work-LAN. Best is to only allow internet for the guest-LAN via Proxies for the protocols needed.

If you connect the laptops into your current  LAN its not possible to protect you from all issues the laptops might bring.
1. There might be new malware NO AV-scanner is able to detect now.
2. The laptops might try to divert traffic via arp-spoofing to perform man in the middle attacks.
3. The laptops might run own DHCP and DNS -servers to distribute false network configs, could be used for man in the middle too.
4. Laptops might start to brute force account passwords. In coorportate LANs the PCs usually trust the other PCs in the same lan and the windows firewall wont block login attempts.
0
 
al4629740Author Commented:
What about putting them behind another separate router?
0
 
andreasSystem AdminCommented:
Would be possible IF the 2nd router blocks access to the IPs in the 1st subnet that is located on its WAN side. just route packets out and in to the internet but block the access to the subnet that your first router has as the LAN.
0
 
al4629740Author Commented:
Yes.  If that is the case, would that secure against most threats?
0
 
andreasSystem AdminCommented:
it would offer a good level of protection. But if you install proxy servers, as I suggested in my first post(that proxy only the protocols you want to allow for guests) the protection would be much more high.

Mark there is no 100% secure system. Holes might always be there (e.g. in the 2nd router you want to put) and thus the internal network can again attack your work environment.
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now