 |
Experts on Demand
We get visitors at our facilities that tend to bring their own laptops with them. We would like to figure out a way to scan those laptops for pests, viruses, etc. before putting them on our network. Some of these offices are remote. We have Cisco 2600 routers at every location. Maybe I'm not on the right track, but I thought we could designate a port to scan the machine but I'm not sure of how to do that?
QUESTION POSED ON: 06 JUL 2006
QUESTION ANSWERED BY: Mike Rothman
It would be very labor intensive to try to do this using router access control lists and other firewall rules. What you are looking for is called "pre-admission control" and is a key feature of NAC (network access control). Your best bet is to put all of those open ports (that an external party would connect to) on a specific VLAN and route all of that traffic through an SSL VPN box that could do the scanning and also enforce policy. Some of the NAC vendors (including Cisco) also have equipment that detects whether a device is "known" and if not, will initiate a scan.
|
|
|
|
|
|
|
|
| TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of . |
|
| |
All Rights Reserved, , TechTarget |
|
|
|
|
|
