Problem solve Get help with specific problems with your technologies, process and projects.

Protecting network from visiting PCs

What are companies doing about visitors that need to use their network to VPN to their own network, access the...

Internet for presentations or fixes, etc.? I'm leery of a visitor on my network. The PC could have a virus, or the visitor could be a spy capturing information, yet there seems to be a growing need to allow visitors on the network.

Most companies are not doing anything about this, though you are rightfully concerned. What I've recommended to companies that I have provided consulting for is the following:

  1. Disable wall jacks that do not have anything connected. System Administrators on duty can re-enable them as needed.
  2. Set up conference rooms with two sets of jacks; one set connected to the network inside the firewall, one set outside the firewall. This allows visitors to connect to the Net to do presentations without accessing the corporate network. It also allows internal presentations to be held in the same room while using the corporate network.
  3. Visitors that need to have access to the Net but also need protection by your firewall must connect only on a special subnet behind the firewall that is restricted for use by visitors. This subnet can connect to the outside, but not to any of the other internal subnets.

These restrictions limit the damage to either outside your firewall, or to a subnet that only visitors use. It prevents damage to your corporate resources.

For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: The placement of security solutions on a network
  • Best Web Links: Infrastructure and Network Security
  • Featured Topic: Network security

  • This was last published in March 2003

    Dig Deeper on Network Access Control technologies

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.