What are companies doing about visitors that need to use their network to VPN to their own network, access the Internet for presentations or fixes, etc.? I'm leery of a visitor on my network. The PC could have a virus, or the visitor could be a spy capturing information, yet there seems to be a growing need to allow visitors on the network.
Most companies are not doing anything about this, though you are rightfully concerned. What I've recommended to companies that I have provided consulting for is the following:
- Disable wall jacks that do not have anything connected. System Administrators on duty can re-enable them as needed.
- Set up conference rooms with two sets of jacks; one set connected to the network inside the firewall, one set outside the firewall. This allows visitors to connect to the Net to do presentations without accessing the corporate network. It also allows internal presentations to be held in the same room while using the corporate network.
- Visitors that need to have access to the Net but also need protection by your firewall must connect only on a special subnet behind the firewall that is restricted for use by visitors. This subnet can connect to the outside, but not to any of the other internal subnets.
These restrictions limit the damage to either outside your firewall, or to a subnet that only visitors use. It prevents damage to your corporate resources.
For more information on this topic, visit these other SearchSecurity.com resources:
Dig Deeper on Network Access Control Basics
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.