Anyone have a tried and true method of protecting your internal network from virus which may entered the building by portable computers? I have tried several things but each time a virus threatens my network its been brought in on a notebook. Road warriors and other mobile users are not responsible for the network so scanning with new signature files before connecting seems like a waste of their time. Besides they’re not the one that has to fix it, that IT’s job.
Any ideas are welcome.
Subject: Portable Computing and Virus Protection
Maybe you need to standardize your security procedures for mobile users so they have to have virus protection updated and software firewalls installed.Just a thought anyway.
Subject: Policies
I have come to the conclusion that I can not trust these people to fallow any written policy. I get “ah… I was in a hurry”, or “something didn’t work right.” Most of them don’t have the capacity to understand what they’re doing or why. Maybe I need to quarantine the laptop and perform the scan myself. NOT!.. Or, I could create a scan station that always has the most recent engine and signatures which the portable could connect to for updates. One button is about the most I can expect them to remember.
Subject: Yeah, been there done that
This is a problem indeed. Some people just can’t be bothered to secure their laptop. A sys admin should have the ability to deny access to the network for such people, but that’s usually not a realistic option. Although I’ve seen one instance where a laptop was denied access to the network because of stuff like this.
What happens when you configure the antivirus package to automatically download updates?