Q
Problem solve Get help with specific problems with your technologies, process and projects.

Protecting your network from visitors

We get visitors at our facilities that tend to bring their own laptops with them. We would like to figure out a way to scan those laptops for pests, viruses, etc. before putting them on our network. Some of these offices are remote. We have Cisco 2600 routers at every location. Maybe I'm not on the right track, but I thought we could designate a port to scan the machine but I'm not sure of how to do that.

We get visitors at our facilities that tend to bring their own laptops with them. We would like to figure out a way to scan those laptops for pests, viruses, etc. before putting them on our network. Some of these offices are remote. We have Cisco 2600 routers at every location. Maybe I'm not on the right track, but I thought we could designate a port to scan the machine but I'm not sure of how to do that?
It would be very labor intensive to try to do this using router access control lists and other firewall rules. What you are looking for is called "pre-admission control" and is a key feature of NAC (network access control). Your best bet is to put all of those open ports (that an external party would connect to) on a specific VLAN and route all of that traffic through an SSL VPN box that could do the scanning and also enforce policy. Some of the NAC vendors (including Cisco) also have equipment that detects whether a device is "known" and if not, will initiate a scan.

Dig Deeper on Network Security Best Practices and Products

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close