Solved

Block computers with virus from gaining access to my network

Posted on 2014-12-09
6
225 Views
Last Modified: 2014-12-17
Anyone know of a software solution or device that can block infected computers from gaining access to my company network?

Scenario: An end user brings their computer home and gets a virus. The next day when they come into the office with that same computer and plug it into my network.  I would like the network to block that computer and send a message to IT so they can contact the end user and clean the OS.

Most of the computers are Windows 7 with some Vista and XP laying around.
All computers are on the domain.

Let me know if you need any more information.
0
Comment
Question by:TRTurner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40489045
Hi

I'm not sure there is anything more intelligent than an anti virus software that would run on all client devices, scan on a regular basis and let that app deal with any virus on each client computer. Given that what your seem to be looking for is something that would detect the virus at a network layer and block that computer's OS from negotiating with the domain at an application layer level. Im not sure that's possible.

Would be good to know if there is.

Thanks
Mark/
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40489048
0
 
LVL 5

Expert Comment

by:A Karelin
ID: 40489069
0
Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 40489278
You're looking for a Network Access Control solution.  Several exists.  Cisco has one.  Microsoft has Network Access Protection.  They can't know for certain if a machine is infected but they can set certain minimums for access, such as ensuring the antivirus installed is up-to-date.
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 40489971
Also think about this:
what makes an infected computer suspicious? It would be very hard to tell. Only if the virus is some network worm that does massive port scans, you would have a chance to tell.

So the best you could do is maybe ask yourself: what do I have to fear?

My fears would be
1 that this infected host could infect others
2 that it could read out data in the name of the user (impersonation) and send that to some remote server (via ftp/http)
Another minor fear:
3 that virus could start sending spam which might have the effect that your mail server could be black listed remotely.

What to do:

1 open only ports that you need. And those ports needed need to belong to patched software. result: nothing at all will happen, the worst possible thing would be an increase in network traffic
2 this is difficult. Two key thoughts: we could setup some system that authorizes traffic, some tagging that has to be applied to the files before data is sent/uploaded and combine it with a content inspection system that looks for those tags and if not present, stops that dataflow - there are systems that work like this. Our company uses another approach: we simply don't grant internet access to people the ordinary way. We grant it only via RemoteApps. No virus is intelligent enough to use this channel to get his data out.
3 Some mail clients like outlook even detect when they are being abused and stop it automatically. All other mail traffic would need to authenticate and without, it would fail.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40498076
As stated above, NAC, but read my article here about why it won't ever work the way you intend unless you first establish a second segment in your network: http://www.experts-exchange.com/Security/Misc/A_12736-Bring-Your-Own-Device-Security-NAC-MDM.html
Let me say that viri are the least of your worries if people are allowed to bring in their own equipment. NAC can help you keep them on one side, and your own "trusted" equipment on the other. ForeScout has the best NAC solution currently, but it cost's. You can do it on your own or cheaply with PacketFence if you have the time.
-rich
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question