We have taken a low-tech approach to this for the time being.  We installed
a cable modem in our data center as a stand-alone internet connection.  We
use it for testing most of the time.  But when there is a demo or someone
from the outside needs access, we connect the machine into this internet
connection from any network drop in our main office.  If they need wireless
access, we throw up an unsecured WAP and they have access to the Internet.
This works if they only need access to the Internet and not our intranet.
If they do, we have them use one of our systems.

The only caveat to this system is that it does require some IT intervention
but I would rather that than chase a virus.

Brian

-----Original Message-----
From: Fuller, Stuart [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 22, 2004 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm

Talk to the Cisco people about Cisco ACS, dynamic VLANs, and some of
their access control stuff in their switches.  In one of our sites, if
your MAC address isn't in the special list on the switch you get booted
to a VLAN that only has Internet access.  Network "quarantine" is a
relatively new concept but more products are coming out to handle just
the situation that you are experiencing.  

-----Original Message-----
From: Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 22, 2004 2:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm

I suggested the VLAN solution, but these guys move around a lot and the
sales managers sometimes want a meeting in their office, sometimes in
another office, etc. Since the sales guys generate all the profit, everyone
kinda kowtows to them.
No one wants to inconvenience them. So I'm looking for a solution that goes
around the roaming virii users without making them change.

sigh...

thanks

-----Original Message-----
From: Paul van Geldrop [mailto:[EMAIL PROTECTED]
Sent: Monday, November 22, 2004 4:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] virus/worm


Even though that first line might sound rather amusing, it might just be
the trick to get things done.. it's amazing how management can decide to
.. bend the rules, let us say, when it concerns their own daily
routines.

Consider placing the laptops in a restricted VLAN. This might require
that you get some procedures OKed regarding access and availability, but
it'll be worth it. If you're going to invite a load of food-hungry virii
into your network, at least make sure they only get to feed on
themselves.

Regards,

Paul.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ASB
Sent: Monday, November 22, 2004 9:34 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] virus/worm

Wait until your boss's machine gets infected.  Maybe that's what it will
take to get the policy changed.

And you should try using another AV product if the current one is not
keeping your systems cleaned from known viruses.

How are you cleaning them when you find them?   (read: are you sure
you're actually cleaning them?)

-ASB


On Mon, 22 Nov 2004 15:27:58 -0500, Kern, Tom <[EMAIL PROTECTED]> wrote:
> Hi all. I am having a serious issue with bot type worms that keep
> infecting my machines over and over. It doesn't matter that I'm fully
> patched and my virus defs are up to date.
> I use Symantec Corporate Edition 9.0 in a win2k mixed mode AD
> environment. My machines all have the most up to date patches and hot
> fixes.
> I have seen machines that are up to date in everything get reinfected
> time and time again. The worm is a variant of what Symantec calls
> Spybot.worm32. It usually creates an exe in system32 called Explorer.exe
> or 386.exe or svchosting.exe and no matter the defs it slips by
> Symantec.
>
> This is a posting perhaps better sent to a virus or Symantec list, but
> you guys seem really knowledgeable and I'd like to pick your collective
> brains about how to deal with this issue.
> I assume it's getting in via laptop users who take their PCs home at
> night or some of our traveling sales guys, but if my desktops are up to
> date and patched, they shouldn't get infected.
> No?
> Am I being naive?
>
> Finally, we are a liquor distributor and a lot of times we have
> suppliers from other companies come in with laptops that give PowerPoint
> presentations and access our internet connection. These guys are from
> elsewhere so they don't have accounts in our domain and thus log in
> locally.
> How can I protect myself against these guys? Management insists they be
> allowed to do their thing with their laptops on our network when they
> come in and since they don't log into our domain, I can't even push out a
> GPO and I'm at the mercy of these guys and what their IT dept did or did
> not do.
> Help!
>
> Thanks a lot. If I can get a solution to just one of these 2
> questions, I'll be a happy man.
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
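
An added example, not part of any message in the thread: a check for the three file names the original post reports in system32, independent of the AV product, recording size, timestamp and SHA-256 for each hit. The function names and the sample directory are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# File names the thread reports the worm dropping into system32.
# Windows file names are case-insensitive, so compare in lower case.
# (The genuine explorer.exe lives in the Windows directory, not System32.)
REPORTED_NAMES = {"explorer.exe", "386.exe", "svchosting.exe"}


def find_reported_files(system_dir):
    """Return one record per regular file in system_dir whose name matches."""
    findings = []
    for entry in os.scandir(system_dir):
        if not entry.is_file(follow_symlinks=False):
            continue  # skip directories and links that merely share a name
        if entry.name.lower() not in REPORTED_NAMES:
            continue
        with open(entry.path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        info = entry.stat(follow_symlinks=False)
        findings.append({
            "name": entry.name,
            "size": info.st_size,
            "modified_utc": datetime.fromtimestamp(
                info.st_mtime, timezone.utc).isoformat(),
            "sha256": digest,
        })
    return sorted(findings, key=lambda f: f["name"].lower())


def build_sample_dir():
    """Constructed stand-in for a system32 directory (not real data)."""
    root = tempfile.mkdtemp(prefix="system32_sample_")
    for name, body in [("EXPLORER.EXE", b"constructed-1"),
                       ("svchosting.exe", b"constructed-2"),
                       ("svchost.exe", b"legitimate name"),
                       ("notepad.exe", b"legitimate name")]:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    os.mkdir(os.path.join(root, "386.exe"))  # a directory must not match
    return root


if __name__ == "__main__":
    # On a real host, pass os.path.join(os.environ["SystemRoot"], "System32").
    for hit in find_reported_files(build_sample_dir()):
        print(hit["modified_utc"], hit["size"], hit["sha256"][:16], hit["name"])
```

Running the same check again after a cleanup, and comparing the hashes across machines, shows whether the files were actually removed and whether the same binary keeps coming back.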
