Question

  • Creator
    Topic
  • #2215108

    Quarantining laptops

    by derek schauland ·

    I got to the office this morning and saw a manager headed for a meeting with a laptop. The laptop was not one I had seen before and was not the usual brand we use.

    I was wondering if there might be a good way to quarantine these devices until they can be checked for viruses and to ensure they have antivirus applications and the like installed and up to date if they connect to the network.

    Not sure how to go about such things… any help would be appreciated.

    Thanks

    Derek

All Answers

  • Author
    Replies
    • #2757698

      Clarifications

      by derek schauland ·

      In reply to Quarantining laptops

      Clarifications

    • #2757696

      What kind of setup do you have?

      by thumbsup2 ·

      In reply to Quarantining laptops

      If you tell us what you already have, it might help! 😉

      What kind of server are you using? Do you assign static IPs? Are you filtering by MAC address? Or is your system wide open, allowing anything that gets plugged into it to be assigned an IP?

      • #2757684

        For right now

        by derek schauland ·

        In reply to What kind of setup do you have?

        It allows anything plugged in… it's wide open, using Windows 2003 AD.

        Was hoping to find the right starting point to get it moving in the right direction as we aren’t doing anything today.

        • #2757679

          first off

          by shasca ·

          In reply to For right now

          You need a policy enforced to back you up. You need parameters set as to what is, and is not, allowed on the company network. You don't want to lock everything down without management's buy-in.

        • #2757672

          Then

          by shasca ·

          In reply to first off

        • #2757581

          Thanks

          by derek schauland ·

          In reply to Then

          I will give it a look. After I come up with some possibilities, management will be involved. If I cannot achieve the goal there is no sense in bothering them about it.

        • #2757447

          About Management involvement

          by ic-it ·

          In reply to Thanks

          I believe Shasca is referring to Management setting a Policy.
          The Policy either would limit or ban non-company resources from connecting to the network. It gives you the authority to enforce the rule. It also gives you a direction for implementation.
          Then you may take additional steps to lock down the network (or examine a quarantine solution).

        • #2757557

          quarantine laptops and other devices

          by cg it ·

          In reply to For right now

          Some of the enterprise-level antivirus solutions have quarantine capabilities. If a new client is added to the network, the AV will quarantine it until it meets the network requirements.

          If this is an Active Directory domain, by design, if the laptop is not a member of the domain, it cannot access resources on the domain. Even if the user tries to log on with their account. Active Directory requires a computer account for clients to be members of the domain, therefore there is some inherent quarantine.

          Managed switches allow you to assign MAC addresses to a switch port. This security feature will disable the switch port if the wrong computer uses that switchport. You can also disable unused switchports.

          Combined, these security features can be used to make sure unauthorized computers do not gain access to the network.
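
The MAC-to-port assignment described in the last reply, written as an audit script. This is an added example, not part of the original thread: it compares the addresses a switch has learned against an inventory and lists the ports that should be disabled. The port names, the inventory and the four-column table layout are constructed assumptions, not output from any particular switch.

```python
import re

# Constructed inventory (assumption): each port's assigned MAC; None marks an unused port.
ASSIGNED = {
    "Fa0/1": "00:11:22:33:44:55",
    "Fa0/2": "00-11-22-33-44-66",
    "Fa0/3": None,
}

# Constructed sample of a learned-address table: VLAN, MAC, type, port.
SAMPLE_TABLE = """\
  10  0011.2233.4455  DYNAMIC  Fa0/1
  10  0011.2233.44aa  DYNAMIC  Fa0/2
  10  0011.2233.4466  DYNAMIC  Fa0/3
"""

def norm_mac(mac):
    """Reduce colon, hyphen or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Yield (port, mac) pairs from whitespace-separated four-column rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            yield fields[3], norm_mac(fields[1])

def audit(table_text, assigned):
    """Return sorted (port, mac, reason) findings for ports that should be disabled."""
    expected = {p: norm_mac(m) for p, m in assigned.items() if m}
    findings = []
    for port, mac in parse_table(table_text):
        if port not in assigned:
            findings.append((port, mac, "port not in inventory"))
        elif assigned[port] is None:
            findings.append((port, mac, "device on unused port"))
        elif mac != expected[port]:
            findings.append((port, mac, "MAC does not match assignment"))
    return sorted(findings)

if __name__ == "__main__":
    for port, mac, reason in audit(SAMPLE_TABLE, ASSIGNED):
        print(f"{port}: {mac} -> {reason}")
```

A device can change the MAC address it presents, so a match here shows only that the expected address was seen on the port, not that the expected machine is attached.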
