General discussion

Locked

Securing Laptops

By SECUREIT ·
I'd really like to know the best way to validate whether or not a contractor's laptop is "safe" to put onto the internal LAN. I'm thinking of something like like running windows update and stinger or is there a utility that will do both?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by feathersmcgraw In reply to Securing Laptops

You pose every network engineer/system administrator's dilema. You have a contractor who is coming to work for you for a while, or a consultant who needs access on the internal LAN. It's your right and duty to protect your network, and to enforce policy and/or procedures designed to do just that. Before you let the laptop on you can have the contractor show you that the basics are on their laptop...antivirus with current definitions (does no good to have an eval version with defs from 02/05/2002), some sort of malware/spyware blocker (spysweeper etc), windows updated fully with latest SP and hotfixes. They should be able to account for that. If they say they don't need it I would question their skills as a technician.

The other thing you can do to protect yourself is assign them a static ip address. This will allow for you to be able to track access to and from servers. In some cases (like we do at my current employer) you set up a guest VLAN with ACL rules about where they can and cannot go. This helps us track where an item may have come from if a virus or worm or any other unexplained suddenly pops up on our network radar.

Those are just some simple suggestions and my opinions. Bottom line, you are the best judge of character and should review their laptop...especially if they will be involved with mission critical data or servers.

Collapse -

by SECUREIT In reply to

Poster rated this answer.

Collapse -

by jmgarvin In reply to Securing Laptops

Gah! Don't let the laptop on! Issue the contractor a piece of equipment from your office that you know is safe.

Contractors tend to bring along stuff they really shouldn't have and cause problems. If you have to allow that laptop on:
1) Make sure that he is not running any server software on his laptop (yes it does happen)
2) log his MAC
3) Give him a static IP
4) Don't give him access to much on the network, only what he needs
5) Keep an eye on him. Unethical Contractors tend to walk off with intellectual property, internal company documents, and such.

Collapse -

by SECUREIT In reply to

Poster rated this answer.

Collapse -

by Loraine In reply to Securing Laptops

There are also products you can buy that check any computer's security "credentials" before letting them on the network. It's policy-based and checks for updates, sequestering them until they do whatever you want updated or added. I know they're designed for remote users, but surely they'd work for consultants, too. iPass is one.

Collapse -

by SECUREIT In reply to

Poster rated this answer.

Collapse -

by OTL In reply to Securing Laptops

I like answer # 2, however make it a desktop (they do not walk without being noticed ! Also no writeable removeable media).

Only problem is what are they working on ? May require specific software that you do not currently have in your inventory.

Collapse -

by SECUREIT In reply to

Poster rated this answer.

Collapse -

by SECUREIT In reply to Securing Laptops

This question was closed by the author

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums