How to Reduce Security Risks on LAN by Controling wireless Noteboks

Discussion in 'Wireless Networking' started by Babak Majidi, Feb 5, 2006.

  1. Babak Majidi

    Babak Majidi Guest

    Dear Professionals

    I'm Administrator of LAN with 6 Servers and 130 clients.
    some managers have Notebook Computers. They want to connect to LAN by their
    Notebook.
    But I'm worry about: They are not professional on using computer well and If
    their Notebook become pollute with Trojans,Spywares and Viruses when they
    are connecting to Internet from their home, our Internet Bandwidth become
    low.
    There are Anti Virus software on all Servers and Clients in LAN and I Update
    them weekly. But I'm worry about Anti Viruses on Notebooks when they are not
    Update.
    They want to run applications that connects to SQL Server on LAN and MailBox
    on Exchange Server.
    Please give me a solution with Security vision.

    Best Regards,
    B.Majidi
     
    Babak Majidi, Feb 5, 2006
    #1
    1. Advertisements

  2. In
    Bandwidth? That's certainly not the only cause for concern. Virus
    infestation on your network is very likely, if they use VPN. And gawd knows
    what else.

    This isn't a wireless issue, really, so you might better post questions like
    this in microsoft.public.security or
    microsoft.public.windows.server.networking.

    Bottom line: don't let any non-trusted/centrally managed/locked down
    computers connect directly to the corporate network at all, via LAN, VPN,
    wireless LAN. Perhaps you could get a separate terminal server & TS CALs for
    these users if this is a real need. In fact, performance for any sort of
    file access/SQL would be much better that way, and would be my preferred
    config regardless.

    For Exchange access alone, if you're using Exchange 2003, you could set them
    up to use RPC over HTTPs (they will need Outlook 2003 and WinXP SP1 or SP2)
    and this doesn't constitute a real security risk - it uses SSL/port 443 and
    doesn't open up anything from their own computers/networks to your
    server/network.
     
    Lanwench [MVP - Exchange], Feb 5, 2006
    #2
    1. Advertisements

  3. Babak Majidi

    Ben Guest

    All I can suggest is you make sure all anti-virus software is up to day,
    install personal firewalls on all the clients, all updates are installed.
    You should have an update server push out all updates as well, so no user
    interaction is required. Also you should have an acceptable computer
    usage/internet policy, that everyone signs! So they are aware of what they
    can and can't do!

    To be honest, every LAN administrator worth his salt should already have
    this infrastructure in place!

    Ben
     
    Ben, Feb 5, 2006
    #3
  4. Babak Majidi

    Babak Majidi Guest

    Thanks both of you.

     
    Babak Majidi, Feb 6, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.