RE: Enforce Virus Scanning software on home PCs

Craig,

It all starts with training the users and writing policies and standards for your users and for the network.

Also, look into Fiberlink.

Fiberlink is a custom client software and aggregating service that can be used for dial-up and broad band. The plus is that you can use the client to enforce policies and it has the option for a firewall service.

Check it out at www.fiberlink.com?

Regards,

Greg DeGennaro Jr., CCNP
Security Analyst
415-551-5462
415-317-2119

-----Original Message-----

From: SMiller@unimin.com [mailto:SMiller@unimin.com] Sent: Friday, May 30, 2003 9:53 AM
To: security-basics@securityfocus.com
Subject: Re: Enforce Virus Scanning software on home PCs

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

My experience is that attempting to use technology to solve "people problems" frequently does not prognosticate for success. I do not know of any way to accomplish what you ask that is not complicated. Is there a corporate policy stating that only company-provided computers may be used to connect to corporate networks? If not there should be. Absent a policy, I would write a memo explaining the risks to your boss and top executive management that states that the security of the network cannot be guaranteed under the circumstances. That's CYA and I do not like it, but sometimes such things are necessary:( Once you get the required support for disallowing employee owned computers from the network, you can concentrate on a] a fail-resistant program to ensure that the company-issued laptops are kept compliant and up to date, and b] an authentication method to be sure that the computer requesting connection is one of the tested laptops. There are any number of ways to do b]

Scott Miller  

                      Craig

                      Brauckmiller             To:
security-basics@securityfocus.com                                 
                                        Subject:  Enforce Virus
Scanning software on home PCs                       
 

                      05/28/2003 09:53

                      PM

 

 

Our company is in the grips of an issue we wish we didn't have to deal

with. Our VPs insist on using their own home PCs despite the fact that we

give them corporate laptops.

We want to prevent users from connecting to the corporate LAN if they

don't have a personal firewall installed as well as an up to date virus

scanner package.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

We use Cisco VPN 3000 concentrators with the 3.6x vpn client.

We use Zone Labs Zone Alarm Pro 3.7

We use McAfee virus scan 4.5.1 with latest super dats.

Based on this info, is there a way we can prevent users from accessing the

LAN if the virus software is not installed or up to date?

We can prevent them from connecting if they don't have the firewall

installed...its the virus stuff that has us stumped.

Thanks for the help in advance.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Craig Brauckmiller