Solved

Block computers with virus from gaining access to my network

Posted on 2014-12-09
Last Modified: 2014-12-17
Anyone know of a software solution or device that can block infected computers from gaining access to my company network?

Scenario: An end user brings their computer home and gets a virus. The next day they come into the office with that same computer and plug it into my network. I would like the network to block that computer and send a message to IT so they can contact the end user and clean the OS.

Most of the computers are Windows 7 with some Vista and XP lying around.
All computers are on the domain.

Let me know if you need any more information.
0
Question by:TRTurner
6 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40489045
Hi

I'm not sure there is anything more intelligent than antivirus software that would run on all client devices, scan on a regular basis and let that app deal with any virus on each client computer. Given that what you seem to be looking for is something that would detect the virus at a network layer and block that computer's OS from negotiating with the domain at an application layer level, I'm not sure that's possible.

Would be good to know if there is.

Thanks
Mark/
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 40489278
You're looking for a Network Access Control solution. Several exist. Cisco has one. Microsoft has Network Access Protection. They can't know for certain if a machine is infected but they can set certain minimums for access, such as ensuring the antivirus installed is up-to-date.
0
 
LVL 58

Accepted Solution

by:
McKnife earned 2000 total points
ID: 40489971
Also think about this:
What makes an infected computer suspicious? It would be very hard to tell. Only if the virus is some network worm that does massive port scans would you have a chance to tell.

So the best you could do is maybe ask yourself: what do I have to fear?

My fears would be:
1. that this infected host could infect others
2. that it could read out data in the name of the user (impersonation) and send that to some remote server (via ftp/http)

Another minor fear:
3. that the virus could start sending spam, which might have the effect that your mail server could be blacklisted remotely.

What to do:

1. Open only ports that you need. And those ports need to belong to patched software. Result: nothing at all will happen; the worst possible thing would be an increase in network traffic.
2. This is difficult. Two key thoughts: we could set up some system that authorizes traffic, some tagging that has to be applied to the files before data is sent/uploaded, and combine it with a content inspection system that looks for those tags and, if not present, stops that dataflow. There are systems that work like this. Our company uses another approach: we simply don't grant internet access to people the ordinary way. We grant it only via RemoteApps. No virus is intelligent enough to use this channel to get its data out.
3. Some mail clients like Outlook even detect when they are being abused and stop it automatically. All other mail traffic would need to authenticate and without that, it would fail.
0
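The one network-visible signal named in the answer above, a worm doing massive port scans, can be sketched as a fan-out check over connection logs. This is an added example, not part of the original thread; the log format (`epoch src dst dport`), the 60-second window, the threshold of 20 targets and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed look-back window
FANOUT_THRESHOLD = 20    # assumed limit of distinct (dst, port) targets per window

def detect_scanners(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: peak distinct targets} for sources above the threshold.
    Lines are 'epoch src dst dport' in time order (constructed format)."""
    recent = defaultdict(deque)                      # src -> (ts, target) events in window
    counts = defaultdict(lambda: defaultdict(int))   # src -> target -> hits in window
    peaks = {}
    for line in lines:
        ts, src, dst, port = line.split()
        ts, target = int(ts), (dst, int(port))
        q, c = recent[src], counts[src]
        q.append((ts, target))
        c[target] += 1
        # Expire events that have fallen out of the sliding window.
        while q[0][0] <= ts - window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(c))
    return peaks

def build_sample_log():
    """Constructed sample traffic for three workstations."""
    events = []
    for i in range(40):
        # 10.0.0.57 sweeps 40 hosts on TCP 445 within 40 seconds.
        events.append((1000 + i, "10.0.0.57", f"10.0.0.{i + 1}", 445))
        # 10.0.0.12 keeps talking to the same file server and proxy.
        dst, port = ("10.0.0.5", 445) if i % 2 else ("10.0.0.8", 8080)
        events.append((1000 + i, "10.0.0.12", dst, port))
    for i in range(30):
        # 10.0.0.30 reaches 30 hosts, but one every two minutes.
        events.append((1000 + i * 120, "10.0.0.30", f"10.0.1.{i + 1}", 80))
    events.sort()
    return [f"{ts} {src} {dst} {port}" for ts, src, dst, port in events]

if __name__ == "__main__":
    for src, peak in detect_scanners(build_sample_log()).items():
        print(f"ALERT {src}: {peak} distinct targets within {WINDOW_SECONDS}s")
```

Only the sweeping host is flagged; the busy but narrow client and the slow, wide one stay below the threshold, which is why malware that does not scan is invisible to this kind of check.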
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40498076
As stated above, NAC, but read my article here about why it won't ever work the way you intend unless you first establish a second segment in your network: http://www.experts-exchange.com/Security/Misc/A_12736-Bring-Your-Own-Device-Security-NAC-MDM.html
Let me say that viruses are the least of your worries if people are allowed to bring in their own equipment. NAC can help you keep them on one side, and your own "trusted" equipment on the other. ForeScout has the best NAC solution currently, but it costs. You can do it on your own or cheaply with PacketFence if you have the time.
-rich
0
