
Network security options/IP allocation


Trackhappy

IS-IT--Management
Oct 1, 2002
81
US
We have multiple remote sites where external contractors regularly attach their notebooks to the WAN in addition to our normal staff. Other than using fixed IP addresses (which would be very restrictive for users travelling between sites), what options has anybody heard of to restrict their access? I ask because we just got a worm from such access. I know keeping patches up to date is the best we can do at present, but with 1500 or more machines there is always one site or other behind on rolling them out.
Any suggestions?
 
What about a logon script?
It should check if the user is in a certain group in AD (a group of the external users, naturally) and, if yes, check if a certain process runs on the machine, e.g. AV software.
If not, do not allow logon.
Ship the AV software to the users; that will block worms and stuff, and demand they use it when logging on. If a worm some day destroys the network, the user will not have anywhere to log on to in the first place.

Regards, Nicolai
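
A sketch of the logon-script check suggested in the post above, added here as an example and not code posted by anyone in the thread. The group name `CONTOSO\External-Contractors` and the process name `ExampleAvService` are assumptions; substitute the real AD group and the AV product's actual process name.

```powershell
# Added example: logon-time check for members of an external-contractor group.
# Assumed names (not from the thread): the AD group and the AV process below.
$ContractorGroup = 'CONTOSO\External-Contractors'   # hypothetical AD group
$RequiredProcess = 'ExampleAvService'               # hypothetical AV process name, without .exe

function Test-CurrentUserInGroup {
    param([Parameter(Mandatory)][string]$GroupName)
    # Evaluate membership from the logon token, so nested groups are included.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    try {
        return $principal.IsInRole($GroupName)
    } catch {
        # Group name could not be resolved (typo, DC unreachable).
        # Fail closed: treat the user as external so the AV check still runs.
        Write-Warning "Could not resolve group '$GroupName': $($_.Exception.Message)"
        return $true
    }
}

function Test-ProcessRunning {
    param([Parameter(Mandatory)][string]$Name)
    # Get-Process returns nothing (with the error suppressed) when no match exists.
    return [bool](Get-Process -Name $Name -ErrorAction SilentlyContinue)
}

if (Test-CurrentUserInGroup -GroupName $ContractorGroup) {
    if (-not (Test-ProcessRunning -Name $RequiredProcess)) {
        Write-Warning "Required antivirus process '$RequiredProcess' is not running. Ending session."
        # A logon script runs after authentication, so "do not allow logon"
        # is implemented by ending the session that was just created.
        & "$env:SystemRoot\System32\logoff.exe"
    }
}
```

The script runs in the user's session after the machine already has an IP address, so it enforces the policy at logon and not at the DHCP lease or the switch port.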
 
Thanks Niksen.
It's more the physical access I want to stop. Once a machine gets an IP address, regardless of logon etc., it can have a worm which then does a port attack of some fashion. I want to stop them getting an IP unless it is a valid machine on our network. Some plug-in to DHCP that allows a list of MAC addresses comes to mind; as our users can roam, we don't want to restrict them too much.
Any thoughts are appreciated.
 
Interesting about the antivirus software, I don't think you can rely solely on it anymore. Couple of reasons: viruses might be out before the antivirus is updated, or... my company has Symantec Antivirus Corp Edition installed on all machines. Last week, some virus-like behaviour appeared, and I consulted with Symantec. They said yes, if the machine is not patched, parts of Blaster could appear.

These machines are not part of my area of direct control, so they were not patched.

Honestly, I hadn't worried very much before this, I put a lot of faith in SAVCE.

Jeff

So patch as well as use antivirus.
 
I agree whole-heartedly. AV is just not enough any more. The AV software picked it up, but only after it had copied itself up to the un-patched machines, which I would rather did not happen. This time it was relatively harmless, but as they get smarter... who knows?
We considered PC firewalls, but the problem is that these nasties use valid ports etc., so where do you put the fence?
 
Somebody just suggested 802.1x. Anybody seen it used?
 