General discussion

  • Creator
    Topic
  • #2187298

    Securing Laptops

    Locked

    by secureit ·

    I’d really like to know the best way to validate whether or not a contractor’s laptop is “safe” to put onto the internal LAN. I’m thinking of something like like running windows update and stinger or is there a utility that will do both?

All Comments

  • Author
    Replies
    • #3248946

      Reply To: Securing Laptops

      by feathersmcgraw ·

      In reply to Securing Laptops

      You pose every network engineer/system administrator’s dilema. You have a contractor who is coming to work for you for a while, or a consultant who needs access on the internal LAN. It’s your right and duty to protect your network, and to enforce policy and/or procedures designed to do just that. Before you let the laptop on you can have the contractor show you that the basics are on their laptop…antivirus with current definitions (does no good to have an eval version with defs from 02/05/2002), some sort of malware/spyware blocker (spysweeper etc), windows updated fully with latest SP and hotfixes. They should be able to account for that. If they say they don’t need it I would question their skills as a technician.

      The other thing you can do to protect yourself is assign them a static ip address. This will allow for you to be able to track access to and from servers. In some cases (like we do at my current employer) you set up a guest VLAN with ACL rules about where they can and cannot go. This helps us track where an item may have come from if a virus or worm or any other unexplained suddenly pops up on our network radar.

      Those are just some simple suggestions and my opinions. Bottom line, you are the best judge of character and should review their laptop…especially if they will be involved with mission critical data or servers.

    • #3246132

      Reply To: Securing Laptops

      by jmgarvin ·

      In reply to Securing Laptops

      Gah! Don’t let the laptop on! Issue the contractor a piece of equipment from your office that you know is safe.

      Contractors tend to bring along stuff they really shouldn’t have and cause problems. If you have to allow that laptop on:
      1) Make sure that he is not running any server software on his laptop (yes it does happen)
      2) log his MAC
      3) Give him a static IP
      4) Don’t give him access to much on the network, only what he needs
      5) Keep an eye on him. Unethical Contractors tend to walk off with intellectual property, internal company documents, and such.

    • #3262198

      Reply To: Securing Laptops

      by loraine ·

      In reply to Securing Laptops

      There are also products you can buy that check any computer’s security “credentials” before letting them on the network. It’s policy-based and checks for updates, sequestering them until they do whatever you want updated or added. I know they’re designed for remote users, but surely they’d work for consultants, too. iPass is one.

    • #3261254

      Reply To: Securing Laptops

      by otl ·

      In reply to Securing Laptops

      I like answer # 2, however make it a desktop (they do not walk without being noticed ! Also no writeable removeable media).

      Only problem is what are they working on ? May require specific software that you do not currently have in your inventory.

    • #3260660

      Reply To: Securing Laptops

      by secureit ·

      In reply to Securing Laptops

      This question was closed by the author

Viewing 4 reply threads