Improve company productivity with a Business Account.Sign Up

x
?
Solved

Block computers with virus from gaining access to my network

Posted on 2014-12-09
6
Medium Priority
?
240 Views
Last Modified: 2014-12-17
Anyone know of a software solution or device that can block infected computers from gaining access to my company network?

Scenario: An end user brings their computer home and gets a virus. The next day when they come into the office with that same computer and plug it into my network.  I would like the network to block that computer and send a message to IT so they can contact the end user and clean the OS.

Most of the computers are Windows 7 with some Vista and XP laying around.
All computers are on the domain.

Let me know if you need any more information.
0
Comment
Question by:TRTurner
6 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40489045
Hi

I'm not sure there is anything more intelligent than an anti virus software that would run on all client devices, scan on a regular basis and let that app deal with any virus on each client computer. Given that what your seem to be looking for is something that would detect the virus at a network layer and block that computer's OS from negotiating with the domain at an application layer level. Im not sure that's possible.

Would be good to know if there is.

Thanks
Mark/
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 40489278
You're looking for a Network Access Control solution.  Several exists.  Cisco has one.  Microsoft has Network Access Protection.  They can't know for certain if a machine is infected but they can set certain minimums for access, such as ensuring the antivirus installed is up-to-date.
0
 
LVL 59

Accepted Solution

by:
McKnife earned 2000 total points
ID: 40489971
Also think about this:
what makes an infected computer suspicious? It would be very hard to tell. Only if the virus is some network worm that does massive port scans, you would have a chance to tell.

So the best you could do is maybe ask yourself: what do I have to fear?

My fears would be
1 that this infected host could infect others
2 that it could read out data in the name of the user (impersonation) and send that to some remote server (via ftp/http)
Another minor fear:
3 that virus could start sending spam which might have the effect that your mail server could be black listed remotely.

What to do:

1 open only ports that you need. And those ports needed need to belong to patched software. result: nothing at all will happen, the worst possible thing would be an increase in network traffic
2 this is difficult. Two key thoughts: we could setup some system that authorizes traffic, some tagging that has to be applied to the files before data is sent/uploaded and combine it with a content inspection system that looks for those tags and if not present, stops that dataflow - there are systems that work like this. Our company uses another approach: we simply don't grant internet access to people the ordinary way. We grant it only via RemoteApps. No virus is intelligent enough to use this channel to get his data out.
3 Some mail clients like outlook even detect when they are being abused and stop it automatically. All other mail traffic would need to authenticate and without, it would fail.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40498076
As stated above, NAC, but read my article here about why it won't ever work the way you intend unless you first establish a second segment in your network: http://www.experts-exchange.com/Security/Misc/A_12736-Bring-Your-Own-Device-Security-NAC-MDM.html
Let me say that viri are the least of your worries if people are allowed to bring in their own equipment. NAC can help you keep them on one side, and your own "trusted" equipment on the other. ForeScout has the best NAC solution currently, but it cost's. You can do it on your own or cheaply with PacketFence if you have the time.
-rich
0

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question