
Block computers with virus from gaining access to my network

Posted on 2014-12-09
Last Modified: 2014-12-17
Anyone know of a software solution or device that can block infected computers from gaining access to my company network?

Scenario: An end user brings their computer home and gets a virus. The next day they come into the office with that same computer and plug it into my network. I would like the network to block that computer and send a message to IT so they can contact the end user and clean the OS.

Most of the computers are Windows 7 with some Vista and XP lying around.
All computers are on the domain.

Let me know if you need any more information.
Question by:TRTurner
6 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40489045
Hi

I'm not sure there is anything more intelligent than antivirus software that would run on all client devices, scan on a regular basis and let that app deal with any virus on each client computer. Given that, what you seem to be looking for is something that would detect the virus at a network layer and block that computer's OS from negotiating with the domain at an application layer level. I'm not sure that's possible.

Would be good to know if there is.

Thanks
Mark/
0

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 40489278
You're looking for a Network Access Control solution. Several exist. Cisco has one. Microsoft has Network Access Protection. They can't know for certain if a machine is infected but they can set certain minimums for access, such as ensuring the antivirus installed is up-to-date.
0
 
LVL 56

Accepted Solution

by:
McKnife earned 2000 total points
ID: 40489971
Also think about this:
What makes an infected computer suspicious? It would be very hard to tell. Only if the virus is some network worm that does massive port scans, you would have a chance to tell.

So the best you could do is maybe ask yourself: what do I have to fear?

My fears would be:
1. that this infected host could infect others
2. that it could read out data in the name of the user (impersonation) and send that to some remote server (via ftp/http)

Another minor fear:
3. that the virus could start sending spam, which might have the effect that your mail server could be blacklisted remotely.

What to do:

1. Open only ports that you need. And those ports needed need to belong to patched software. Result: nothing at all will happen, the worst possible thing would be an increase in network traffic.
2. This is difficult. Two key thoughts: we could set up some system that authorizes traffic, some tagging that has to be applied to the files before data is sent/uploaded, and combine it with a content inspection system that looks for those tags and, if not present, stops that dataflow. There are systems that work like this. Our company uses another approach: we simply don't grant internet access to people the ordinary way. We grant it only via RemoteApps. No virus is intelligent enough to use this channel to get its data out.
3. Some mail clients like Outlook even detect when they are being abused and stop it automatically. All other mail traffic would need to authenticate and without, it would fail.
0
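The one case the answer above calls detectable from the network, a worm doing massive port scans, sketched as detection logic over flow records. This is an added example, not part of the thread or of any product named in it; the flow records, the 60-second window and the 100-target threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (epoch seconds, source IP, destination IP, destination port).
# 10.0.0.23 behaves like a scanning worm; 10.0.0.40 is a normal client.
SAMPLE_FLOWS = (
    [(1000 + i // 10, "10.0.0.23", f"10.0.0.{i % 200 + 1}", 445) for i in range(300)]
    + [(1000 + i, "10.0.0.40", "10.0.0.5", p) for i, p in enumerate([53, 80, 443, 445, 3389])]
    + [(1000 + 20 * i, "10.0.0.40", "10.0.0.6", 443) for i in range(30)]
)

def find_scanners(flows, window=60, max_targets=100):
    """Return {source_ip: peak distinct (dst, port) pairs seen in any `window` seconds}
    for sources whose peak exceeds `max_targets` (both thresholds are assumptions)."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        by_src[src].append((ts, (dst, port)))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        counts = defaultdict(int)  # target -> occurrences inside the current window
        start = 0
        peak = 0
        for ts, target in events:
            counts[target] += 1
            # Slide the window start forward, dropping targets that fall out of it.
            while events[start][0] <= ts - window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak > max_targets:
            flagged[src] = peak
    return flagged

def quarantine_notice(flagged):
    """Build the messages IT would receive; the switch-port or VLAN action itself is site-specific."""
    return [f"QUARANTINE {src}: contacted {n} distinct host/port targets in one window"
            for src, n in sorted(flagged.items())]

if __name__ == "__main__":
    for line in quarantine_notice(find_scanners(SAMPLE_FLOWS)):
        print(line)
```

A host that is infected but quiet on the network produces no such fan-out and passes this check, which is the limitation the answer describes.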
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40498076
As stated above, NAC, but read my article here about why it won't ever work the way you intend unless you first establish a second segment in your network: http://www.experts-exchange.com/Security/Misc/A_12736-Bring-Your-Own-Device-Security-NAC-MDM.html
Let me say that viruses are the least of your worries if people are allowed to bring in their own equipment. NAC can help you keep them on one side, and your own "trusted" equipment on the other. ForeScout has the best NAC solution currently, but it costs. You can do it on your own or cheaply with PacketFence if you have the time.
-rich
0

Question has a verified solution.
