Securing network from laptops

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Any ideas on a more secure way of treating laptops which are plugged
into a LAN.  Currently our users can take there laptops home/business
trip and then they can come back in and plug into the network.  Any
suggestions on something that might be more secure: Maybe requiring
them to plug into a seperate LAN with a gateway between LANS that
searches for trojans or viruses being passed to a other computers or
file servers.  Does anybody sell a router like this that could be
plugged into a user cubicle or office and then the user plugs into the
other end of the system?

Or maybe I need to set all the laptop ports up as a seperate network
and run them through a gateway with antivirus and IDS?

Re: Securing network from laptops writes:
Quoted text here. Click to load it

This is an issue that needs a policy+technology answer vs just a
technology answer.  

Mandating that every laptop must be running tested and approved
antivirus + personal firewall combination that is updated, using
policies pushed from a central server, and that machines be configured
for such things as sufficiently strong and sufficiently updated
passwords, fileshares locked down, and things of the like are your
best protection against mobile users bringing nasties into your

Keeping desktop machines firewalled on separate networks from "server"
machines is a good idea when practical.  Traffic analysis of LAN
traffic for trojan or virus related network traffic is also a good
idea in the spirit of defense in depth.  

Best Regards,
Todd H. /

Re: Securing network from laptops says...
Quoted text here. Click to load it

Why not just secure the laptop and only let the users run as local

remove 999 in order to email me

Re: Securing network from laptops wrote:
Quoted text here. Click to load it

Secure the settings for good, install good antivirus (such as NOD32) and
  give users only user level permissions. That way, nomatter what they
do, they cant really get their computer too badly messed up. If you
secure settings for good, they dont actually have permissions to install
ANYTHING to the computer, including viruses. BAHAHAHAHAAA! :)

´╗┐My computer security & privacy related homepage
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.

Re: Securing network from laptops wrote:
Quoted text here. Click to load it

Treat that part of the LAN like it is as unsecure as the internet.

Install two operating systems dual boot - one, highly secure, and with
a policy not to abuse, and one open, so people can use that privatly.

The secure installation has to be on a crypted partition, booted from
a R/O medium, i.e. a CD.

Irony has to be marked as clear as possible. Please use asterisks
AND underlines AND <irony>-tags to make that clear - and don't forget,
that closing </irony>-tags are needed to compensate any sarcasm.

Site Timeline