Solved

Block computers with virus from gaining access to my network

Posted on 2014-12-09
Last Modified: 2014-12-17
Anyone know of a software solution or device that can block infected computers from gaining access to my company network?

Scenario: An end user brings their computer home and gets a virus. The next day they come into the office with that same computer and plug it into my network. I would like the network to block that computer and send a message to IT so they can contact the end user and clean the OS.

Most of the computers are Windows 7 with some Vista and XP lying around.
All computers are on the domain.

Let me know if you need any more information.
Question by:TRTurner
6 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40489045
Hi

I'm not sure there is anything more intelligent than antivirus software that would run on all client devices, scan on a regular basis and let that app deal with any virus on each client computer. Given that what you seem to be looking for is something that would detect the virus at a network layer and block that computer's OS from negotiating with the domain at an application layer level, I'm not sure that's possible.

Would be good to know if there is.

Thanks
Mark/
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40489048
 
LVL 5

Expert Comment

by:A Karelin
ID: 40489069
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40489278
You're looking for a Network Access Control solution. Several exist. Cisco has one. Microsoft has Network Access Protection. They can't know for certain if a machine is infected, but they can set certain minimums for access, such as ensuring the antivirus installed is up to date.
 
LVL 54

Accepted Solution

by:McKnife (earned 500 total points)
ID: 40489971
Also think about this:
What makes an infected computer suspicious? It would be very hard to tell. Only if the virus is some network worm that does massive port scans would you have a chance to tell.

So the best you could do is maybe ask yourself: what do I have to fear?

My fears would be
1. that this infected host could infect others
2. that it could read out data in the name of the user (impersonation) and send that to some remote server (via ftp/http)

Another minor fear:
3. that the virus could start sending spam, which might have the effect that your mail server could be blacklisted remotely.

What to do:

1. Open only ports that you need, and those ports need to belong to patched software. Result: nothing at all will happen; the worst possible thing would be an increase in network traffic.
2. This is difficult. Two key thoughts: we could set up some system that authorizes traffic, some tagging that has to be applied to the files before data is sent/uploaded, and combine it with a content inspection system that looks for those tags and, if they are not present, stops that data flow. There are systems that work like this. Our company uses another approach: we simply don't grant internet access to people the ordinary way. We grant it only via RemoteApps. No virus is intelligent enough to use this channel to get its data out.
3. Some mail clients like Outlook even detect when they are being abused and stop it automatically. All other mail traffic would need to authenticate, and without that, it would fail.
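
The one case the answer above calls detectable, a worm doing massive port scans, can be spotted from firewall or flow logs by counting how many distinct targets each source contacts in a short window. The following is an added example, not part of the original answer; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed sample: one normal workstation, one host sweeping TCP/445."""
    lines = [
        "2014-12-10T09:00:00 10.0.5.20 10.0.1.10 445 ALLOW",
        "2014-12-10T09:00:05 10.0.5.20 10.0.1.25 25 ALLOW",
        "2014-12-10T09:00:09 10.0.5.20 10.0.1.10 445 ALLOW",
        "garbled line that the parser must skip",
    ]
    start = datetime(2014, 12, 10, 9, 0, 0)
    for i in range(1, 61):  # 60 different targets within 30 seconds
        ts = (start + timedelta(seconds=i * 0.5)).isoformat(timespec="seconds")
        lines.append(f"{ts} 10.0.5.23 10.0.2.{i} 445 DENY")
    return lines

def find_scanners(lines, window=timedelta(seconds=60), threshold=30):
    """Flag sources that touch >= threshold distinct (host, port) pairs
    inside a sliding time window. Assumed line format:
    <ISO timestamp> <src> <dst> <dst port> <action>"""
    recent = defaultdict(deque)  # src -> deque of (timestamp, (dst, port))
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
            target = (parts[2], int(parts[3]))
        except ValueError:
            continue  # unparsable timestamp or port
        src = parts[1]
        q = recent[src]
        q.append((ts, target))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct >= threshold and src not in alerts:
            alerts[src] = {"first_seen": ts, "distinct_targets": distinct}
    return alerts

if __name__ == "__main__":
    for src, info in find_scanners(build_sample_log()).items():
        print(f"ALERT {src}: {info['distinct_targets']} distinct targets "
              f"by {info['first_seen'].isoformat()}")
```

A host that infects quietly or only exfiltrates data over allowed ports never trips this counter, which is the limitation the answer describes.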
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40498076
As stated above, NAC, but read my article here about why it won't ever work the way you intend unless you first establish a second segment in your network: http://www.experts-exchange.com/Security/Misc/A_12736-Bring-Your-Own-Device-Security-NAC-MDM.html
Let me say that viruses are the least of your worries if people are allowed to bring in their own equipment. NAC can help you keep them on one side, and your own "trusted" equipment on the other. ForeScout has the best NAC solution currently, but it costs. You can do it on your own or cheaply with PacketFence if you have the time.
-rich
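
The NAC answers above describe two ideas: minimum health requirements for access (Lee W) and a separate segment for untrusted equipment (Rich Rumble). The following sketch combines them with the IT notification the question asks for; it is an added example, not code from any product named in the thread, and the posture fields, thresholds and VLAN numbers are hypothetical.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical minimums and VLAN ids; a real NAC product defines its own.
MAX_SIGNATURE_AGE_DAYS = 3
MAX_PATCH_AGE_DAYS = 35
VLAN_TRUSTED, VLAN_QUARANTINE, VLAN_GUEST = 10, 90, 99

@dataclass
class Posture:
    """Health report a client agent would submit at connect time (constructed)."""
    hostname: str
    domain_joined: bool
    av_running: bool
    av_signature_date: date
    last_patch_date: date
    firewall_on: bool

def evaluate(p, today):
    """Return (vlan, reasons). Non-domain devices never reach the trusted side."""
    if not p.domain_joined:
        return VLAN_GUEST, ["not a domain member"]
    reasons = []
    if not p.av_running:
        reasons.append("antivirus not running")
    sig_age = (today - p.av_signature_date).days
    if sig_age > MAX_SIGNATURE_AGE_DAYS:
        reasons.append(f"antivirus signatures {sig_age} days old")
    patch_age = (today - p.last_patch_date).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        reasons.append(f"last OS patch {patch_age} days ago")
    if not p.firewall_on:
        reasons.append("host firewall disabled")
    return (VLAN_QUARANTINE if reasons else VLAN_TRUSTED), reasons

def it_notice(p, vlan, reasons):
    """Text for the helpdesk queue; None when full access is granted."""
    if vlan == VLAN_TRUSTED:
        return None
    return f"{p.hostname} placed in VLAN {vlan}: " + "; ".join(reasons)

if __name__ == "__main__":
    today = date(2014, 12, 10)
    laptop = Posture("PC-017", True, True, date(2014, 11, 28),
                     date(2014, 11, 20), True)
    vlan, reasons = evaluate(laptop, today)
    print(it_notice(laptop, vlan, reasons))
```

As the thread notes, a check like this measures hygiene rather than infection: a machine can pass every minimum and still be compromised.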
Question has a verified solution.
