Don't allow unprotected laptops and desktops to connect to the LAN

This excerpt from Chapter 1 of Roberta Bragg's "Hardening Windows systems" explains how simple it is for an infected computer to wreak havoc on a network.


Hardening Windows Systems: Get a glimpse inside Roberta Bragg's new book "Hardening Windows systems" with this series of book excerpts. This excerpt from Chapter 1, "An immediate call to action," explains how simple it is for an infected computer to wreak havoc on a network.


Don't allow unprotected laptops and desktops to connect to the LAN

Even though network-wide patching and antivirus policies are enforced and stringently followed, some viruses and worms can still get onto the network when laptop users bring their computers back to it. These users may not have kept their systems properly updated; if their systems become infected, they can infect others simply by connecting to the LAN. Likewise, desktop computers that have not been used for some time may lack current patches and antivirus protection.

Users may bring systems from home, and contractors may also connect unmanaged, unprotected systems to the LAN. Your policies should ban these actions.

Instead of allowing these unsafe systems to connect to the LAN, establish a policy that requires their inspection and updating before their return. The policy may not be easy to enforce, as technical controls to manage connections are not widely deployed. Here are some options for managing network connections:

  • Use authenticating switches. If a rogue computer (an unauthorized computer such as one that is brought in by an employee, a contractor or an attacker) attempts to connect to the network, it cannot authenticate and so is prevented from connecting. If you properly manage authentication, you can also prevent computers that have been taken off the network from being reconnected without first being updated.
  • Use network quarantines. Segment a portion of the network to be used by mobile systems. Deny access to the rest of the network until systems are properly updated and any existing infections cleaned.
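The two options above amount to an admission decision made at the moment a device asks for a port: an unauthenticated device gets nothing (the authenticating switch), and an authenticated device that fails its posture check gets only a quarantine segment until it is patched, updated and cleaned. The following Python is an added example that models that decision; it is not code from the book. The posture record layout, the required-patch set, the seven-day signature limit and the VLAN numbers are all constructed assumptions, and the example generalises the text slightly by combining both controls in one policy.

```python
"""Admission decision modelled on the excerpt's two controls: an authenticating
switch (unauthenticated devices never get a port) and a network quarantine
(authenticated but out-of-date or infected devices land in a remediation
segment).  Added example; all names, ids and thresholds are constructed."""
from dataclasses import dataclass, field
from datetime import date, timedelta

PRODUCTION_VLAN = 10   # assumed production segment
QUARANTINE_VLAN = 99   # assumed quarantine / remediation segment
DENY = None            # port stays closed: the switch refuses the device

# Assumed baseline a device must meet before it leaves quarantine.
REQUIRED_PATCHES = {"KB-EXAMPLE-001", "KB-EXAMPLE-002"}   # constructed ids
MAX_SIGNATURE_AGE = timedelta(days=7)                      # constructed limit


@dataclass
class Posture:
    host: str
    authenticated: bool          # passed switch authentication (typically 802.1X)
    installed_patches: set = field(default_factory=set)
    av_signature_date: date = date.min
    infected: bool = False


def admission_decision(p: Posture, today: date):
    """Return (vlan, reasons): PRODUCTION_VLAN, QUARANTINE_VLAN or DENY."""
    # Authenticating switch: a rogue or unmanaged device is stopped here.
    if not p.authenticated:
        return DENY, ["authentication failed: rogue or unmanaged device"]

    # Network quarantine: collect every reason the device is not yet safe.
    reasons = []
    missing = REQUIRED_PATCHES - p.installed_patches
    if missing:
        reasons.append(f"missing patches: {sorted(missing)}")
    signature_age = today - p.av_signature_date
    if signature_age > MAX_SIGNATURE_AGE:
        reasons.append(f"antivirus signatures {signature_age.days} days old")
    if p.infected:
        reasons.append("active infection reported; clean before release")
    if reasons:
        return QUARANTINE_VLAN, reasons
    return PRODUCTION_VLAN, ["posture compliant"]


def sample_decisions(today: date = date(2004, 6, 1)):
    """Run the policy over a constructed set of returning devices."""
    devices = [
        # Laptop kept current while away: goes straight to production.
        Posture("lap01", True, set(REQUIRED_PATCHES), date(2004, 5, 30)),
        # Laptop that missed a patch while off the LAN: quarantined.
        Posture("lap02", True, {"KB-EXAMPLE-001"}, date(2004, 5, 30)),
        # Desktop unused for a month: signatures stale, quarantined.
        Posture("desk03", True, set(REQUIRED_PATCHES), date(2004, 5, 1)),
        # Patched laptop that reports an infection: quarantined until cleaned.
        Posture("lap04", True, set(REQUIRED_PATCHES), date(2004, 5, 31), True),
        # Contractor's unmanaged machine: cannot authenticate, no port at all.
        Posture("rogue05", False),
    ]
    return {d.host: admission_decision(d, today) for d in devices}


if __name__ == "__main__":
    for host, (vlan, reasons) in sample_decisions().items():
        print(f"{host:8} -> {'DENIED' if vlan is None else f'VLAN {vlan}'}: "
              + "; ".join(reasons))
```

The point of returning the reasons alongside the VLAN is that a quarantined user needs to be told what to fix, and the help desk needs the same list to confirm the device was actually updated before it is released to the production segment.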

Next excerpt in this series: Use Runas or Su.


