Security Basics mailing list archives

Re: Enforce Virus Scanning software on home PCs


From: SMiller () unimin com
Date: Fri, 30 May 2003 12:53:09 -0400


My experience is that attempting to use technology to solve "people
problems" frequently does not prognosticate for success. I do not know of
any way to accomplish what you ask that is not complicated. Is there a
corporate policy stating that only company-provided computers may be used
to connect to corporate networks? If not, there should be. Absent a policy,
I would write a memo explaining the risks to your boss and top executive
management that states that the security of the network cannot be
guaranteed under the circumstances. That's CYA and I do not like it, but
sometimes such things are necessary :( Once you get the required support for
disallowing employee-owned computers from the network, you can concentrate
on a] a fail-resistant program to ensure that the company-issued laptops
are kept compliant and up to date, and b] an authentication method to be
sure that the computer requesting connection is one of the tested laptops.
There are any number of ways to do b].

Scott Miller



Craig Brauckmiller <c_brauckmiller@lek.com>
05/28/2003 09:53 PM

To:       security-basics () securityfocus com
cc:
Subject:  Enforce Virus Scanning software on home PCs

Our company is in the grips of an issue we wish we didn't have to deal
with.  Our VPs insist on using their own home PCs despite the fact that we
give them corporate laptops.

We want to prevent users from connecting to the corporate LAN if they
don't have a personal firewall installed as well as an up-to-date virus
scanner package.

We use Cisco VPN 3000 concentrators with the 3.6x vpn client.
We use Zone Labs Zone Alarm Pro 3.7
We use McAfee virus scan 4.5.1 with latest super dats.

Based on this info, is there a way we can prevent users from accessing the
LAN if the virus software is not installed or up to date?

We can prevent them from connecting if they don't have the firewall
installed... it's the virus stuff that has us stumped.

Thanks for the help in advance.

Craig Brauckmiller
