
Don't allow unprotected laptops and desktops to connect to the LAN

This excerpt from Chapter 1 of Roberta Bragg's "Hardening Windows systems" explains how simple it is for an infected computer to wreak havoc on a network.

Get a glimpse inside Roberta Bragg's new book "Hardening Windows systems" with this series of book excerpts. This excerpt from Chapter 1, "An immediate call to action," explains how simple it is for an infected computer to wreak havoc on a network.


Even when network-wide patching and antivirus policies are enforced and stringently followed, some viruses and worms can still cause an infection when users of laptop computers return them to the network. This is because these laptops may not have been properly updated. If they become infected, they can infect other systems simply by connecting to the LAN. Likewise, desktop computers that have not been used for some time may lack proper patches and virus protection.

Users may bring systems from home, and contractors may also connect unmanaged, unprotected systems to the LAN. Your policies should ban these actions.

Instead of allowing these unsafe systems to connect to the LAN, establish a policy that requires their inspection and updating before their return. The policy may not be easy to enforce, as technical controls to manage connections are not widely deployed. Here are some options for managing network connections:

  • Use authenticating switches. If a rogue computer (an unauthorized computer, such as one brought in by an employee, a contractor or an attacker) attempts to connect to the network, it cannot authenticate and so is prevented from connecting. If you manage authentication properly, you can also prevent computers that have been taken off the network from being inadvertently reconnected without being updated.
  • Use network quarantines. Segment a portion of the network to be used by mobile systems. Deny access to the rest of the network until systems are properly updated and any existing infections cleaned.
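
The two options above amount to one admission decision per device: no authentication means no connection, and an authenticated but stale machine goes to the quarantine segment until it is updated and cleaned. The Python below is an added example, not code from the book; the thresholds, field names and sample machines are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed policy thresholds (not from the book); align them with your patch cycle.
MAX_OFFLINE = timedelta(days=14)
MAX_PATCH_AGE = timedelta(days=30)
MAX_AV_AGE = timedelta(days=7)

@dataclass
class Endpoint:
    name: str
    managed: bool                  # has credentials the switch will accept
    last_on_lan: Optional[date]    # None = never seen on the LAN
    last_patched: Optional[date]
    av_signatures: Optional[date]
    infection_found: bool = False

def _stale(when: Optional[date], limit: timedelta, today: date) -> bool:
    # Fail closed: a missing date counts as out of date.
    return when is None or today - when > limit

def admit(ep: Endpoint, today: date) -> Tuple[str, List[str]]:
    """Return (segment, reasons); segment is deny, quarantine or production."""
    if not ep.managed:
        # Rogue or unmanaged device: it cannot authenticate to the switch.
        return "deny", ["unmanaged device cannot authenticate"]
    reasons: List[str] = []
    if _stale(ep.last_on_lan, MAX_OFFLINE, today):
        reasons.append("off the LAN too long; inspection required")
    if _stale(ep.last_patched, MAX_PATCH_AGE, today):
        reasons.append("patches out of date")
    if _stale(ep.av_signatures, MAX_AV_AGE, today):
        reasons.append("antivirus signatures out of date")
    if ep.infection_found:
        reasons.append("existing infection not cleaned")
    return ("quarantine" if reasons else "production"), reasons

def triage(fleet: List[Endpoint], today: date) -> Dict[str, str]:
    return {ep.name: admit(ep, today)[0] for ep in fleet}

# Constructed sample data: a contractor machine, a returning laptop,
# a long-idle desktop with no inventory dates, and a current desktop.
TODAY = date(2024, 6, 1)
FLEET = [
    Endpoint("contractor-laptop", False, None, None, None),
    Endpoint("sales-laptop-07", True, date(2024, 4, 20), date(2024, 4, 18), date(2024, 5, 30)),
    Endpoint("spare-desktop-12", True, date(2024, 5, 28), None, None),
    Endpoint("hr-desktop-03", True, date(2024, 5, 31), date(2024, 5, 20), date(2024, 5, 30)),
]
```

Calling `triage(FLEET, TODAY)` returns the segment for each machine, and `admit` also returns the reasons a help desk would need to clear before moving a device out of quarantine.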
