Don't allow unprotected laptops and desktops to connect to the LAN

Roberta Bragg

Get a glimpse inside Roberta Bragg's new book "Hardening Windows systems" with this series of book excerpts. This excerpt from Chapter 1, "An immediate call to action," explains how simple it is for an infected computer to wreak havoc on a network.

Even when network-wide patching and antivirus policies are enforced and stringently followed, some viruses and worms can still get in when laptop users return their computers to the network, because those systems may not have been properly updated. If such a system has become infected, it can infect others simply by connecting to the LAN. Likewise, desktop computers that have not been used for some time may lack proper patches and virus protection.

Users may bring systems from home, and contractors may also connect unmanaged, unprotected systems to the LAN. Your policies should ban these actions.

Instead of allowing these unsafe systems to connect to the LAN, establish a policy that requires their inspection and updating before their return. The policy may not be easy to enforce, as technical controls to manage connections are not widely deployed. Here are some options for managing network connections:

  • Use authenticating switches. If a rogue computer (an unauthorized computer, such as one brought in by an employee, a contractor or an attacker) attempts to connect to the network, it cannot authenticate and so is prevented from connecting. If you properly manage authentication, you can also prevent computers that were taken off the network from being inadvertently reconnected without being updated.
  • Use network quarantines. Segment a portion of the network to be used by mobile systems. Deny access to the rest of the network until systems are properly updated and any existing infections are cleaned.
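
The two options above can be combined into one admission decision: unauthenticated machines are refused, and authenticated but stale or unverified machines are held in the quarantine segment. The sketch below is an added example, not code from the book; the `Device` fields, the 30-day and 7-day thresholds and the sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed policy thresholds (not from the book); tune to your own update cadence.
MAX_PATCH_AGE = timedelta(days=30)
MAX_SIGNATURE_AGE = timedelta(days=7)

@dataclass
class Device:
    name: str
    authenticated: bool             # passed switch-port authentication (e.g. 802.1X)
    last_patched: Optional[date]    # None means the patch state is unknown
    av_signatures: Optional[date]   # date of the installed antivirus signatures
    last_scan_clean: bool           # a full scan completed with nothing found

def admit(device: Device, today: date):
    """Return (segment, reasons) where segment is 'deny', 'quarantine' or 'lan'."""
    # Authenticating switch: a rogue machine never gets a port at all.
    if not device.authenticated:
        return "deny", ["not authenticated to the switch"]
    # Quarantine: known machines stay segmented until updated and cleaned.
    reasons = []
    if device.last_patched is None or today - device.last_patched > MAX_PATCH_AGE:
        reasons.append("patches missing or out of date")
    if device.av_signatures is None or today - device.av_signatures > MAX_SIGNATURE_AGE:
        reasons.append("antivirus signatures missing or out of date")
    if not device.last_scan_clean:
        reasons.append("no clean scan on record")
    return ("quarantine" if reasons else "lan"), reasons

# Constructed sample devices, not real inventory data.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Device("contractor-laptop", False, None, None, False),
    Device("sales-laptop", True, date(2024, 3, 10), date(2024, 3, 12), True),
    Device("spare-desktop", True, date(2024, 5, 25), date(2024, 5, 30), False),
    Device("managed-desktop", True, date(2024, 5, 20), date(2024, 5, 31), True),
]

if __name__ == "__main__":
    for d in SAMPLE:
        segment, reasons = admit(d, TODAY)
        print(f"{d.name:18} -> {segment:10} {'; '.join(reasons)}")
```

Re-running `admit` after a quarantined machine has been patched, updated and scanned is what moves it from the quarantine segment to the LAN.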
