Quarantining laptops

By Derek Schauland Contributor ·
I got to the office this morning and saw a manager headed for a meeting with a laptop. The laptop was not one I had seen before and was not the usual brand we use.

I was wondering if there might be a good way to quarantine these devices until they can be checked for viruses and to ensure they have antivirus applications and the like installed and up to date if they connect to the network.

Not sure how to go about such things... any help would be appreciated.



This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Answers

Collapse -

What kind of setup do you have?

by ThumbsUp2 In reply to Quarantining laptops

If you tell us what you already have, it might help!

What kind of server are you using? Do you assign static IP's? Are you filtering by MAC address? Or, is your system wide open and allows anything that gets plugged into it to be assigned an IP?

Collapse -

For right now

it allows anything plugged in... its wide open, using Windows 2003 AD.

Was hoping to find the right starting point to get it moving in the right direction as we aren't doing anything today.

Collapse -

first off

by shasca In reply to For right now

You need a policy enforced to back you up. You need parameters set as to what is, and is not allowed on the company network. You don't want to lock everything down without managements buyin.

Collapse -


by Derek Schauland Contributor In reply to Then

I will give it a look. After I come up with some possibilities, management will be involved. If I cannot achieve the goal there is no sense in bothering them about it.

Collapse -

About Management involvement

by IC-IT In reply to Thanks

I believe Shasca is referring to Management setting a Policy.
The Policy either would limit or ban non-company resources from connecting to the network. It gives you the authority to enforce the rule. It also gives you a direction for implementation.
Then you may take additional steps to lock down the network (or examine a quarintine solution).

Collapse -

quarantine laptops and other devices

by CG IT In reply to For right now

some of the enterprise level Antivirus solutions have quarantine capabilites. If a new client is added to the network, the AV will quarantine it until it meets the network requirements.

If this is an active directory domain, by design, if the laptop is not a member of the domain, it can not access resources on the domain. Even if the user tries to log on with their account. Active Directory requires a computer account for clients to be members of the domain, therefore there is some inherent quarantine.

Managed switches allow you to assign MAC addresses to a switch port. This security feature will disable the switch port if the wrong computer uses that switchport. You can also disable unused switchports.

Combined, these security features can be used to make sure unauthorized computers do not gain access to the network.

Back to Software Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums