Ask the Expert

Protecting network from visiting PCs

What are companies doing about visitors that need to use their network to VPN to their own network, access the Internet for presentations or fixes, etc.? I'm leery of a visitor on my network. The PC could have a virus, or the visitor could be a spy capturing information, yet there seems to be a growing need to allow visitors on the network.

    Requires Free Membership to View

Most companies are not doing anything about this, though you are rightfully concerned. What I've recommended to companies that I have provided consulting for is the following:

  1. Disable wall jacks that do not have anything connected. System Administrators on duty can re-enable them as needed.
  2. Set up conference rooms with two sets of jacks; one set connected to the network inside the firewall, one set outside the firewall. This allows visitors to connect to the Net to do presentations without accessing the corporate network. It also allows internal presentations to be held in the same room while using the corporate network.
  3. Visitors that need to have access to the Net but also need protection by your firewall must connect only on a special subnet behind the firewall that is restricted for use by visitors. This subnet can connect to the outside, but not to any of the other internal subnets.

These restrictions limit the damage to either outside your firewall, or to a subnet that only visitors use. It prevents damage to your corporate resources.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: The placement of security solutions on a network
  • Best Web Links: Infrastructure and Network Security
  • Featured Topic: Network security


    This was first published in March 2003

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: