Re: non domain computers on network


"Linda Marie" <2lm@xxxxxxxxxxx> skrev i meddelandet
news:O5JmM1shIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
We have a couple of users (visitors) that insist on using their personal
computers on our windows 2003 network. Politics - so don't ask - believe
me you don't want to know.
They of course can surf the Internet (DHCP) and get their personal email
through Outlook or on the web. Now of course they want to print to the
network printers.
Is there any security issue with them just being on the network? I don't
know of any virus' etc. that can be spread unless they access the server
which they cannot do. I have no control over antivirus or anti-malware on
these machines so it make me nervous.
We will supply them with computers for the duration of their visit but
they don't want to use them. And I don't want to support non-domain
computers - we have enough to do, so I would be happy to hear that they
may be a security problem with using these computers. They run under the
local administrator accounts on their machines I am sure. So if they have
a virus or tojan etc. could it cause problems on our domain and be spread
since they are on the LAN?

Thanks
Linda


As you don't have control over their antivirus/firewall etc, you don't know
if they contain any kind of worm,backdoor etc which can be used for
attacking your network from the inside of your surrounding firewall..
Even if your servers aren't directly attacked, a hacker can first attack
your (weaker) workstations to get access to your Windows-network.
Have you ensured that all services on your servers are protected against any
kind of attack? For example, running services as service accounts instead of
bultin local system.
Disabled/uninstalled unnecessary services?
Risk for SQL-injections or DDOS-attacks?

A user should *never* have administrative rights in their normal work. This
is a security risk that should be avoided, and instead use 'runas' when they
nead to get temporary administrative rights.
Running as administrator will give the user full control of the local system
and gives the possibility for trojans,viruses etc to be installed in the
background.

/Henrik


.

Relevant Pages

  • Re: non domain computers on network
    ... personal computers on our windows 2003 network. ... We will supply them with computers for the duration of their visit ... attack your workstations to get access to your ... A user should *never* have administrative rights in their normal ...
    (microsoft.public.windows.server.networking)
  • Re: Why not patch all windows and not just legal copies
    ... Security is about reducing attack surfaces, ... dont patch ... Can we harden Windows to resist arbitrary attacks? ... of windows the ability to patch their computers. ...
    (microsoft.public.security)
  • Re: Why not patch all windows and not just legal copies
    ... Security is about reducing attack surfaces, ... dont patch ... Can we harden Windows to resist arbitrary attacks? ... windows the ability to patch their computers. ...
    (microsoft.public.security)
  • Re: Way OT Computer Security
    ... China and has serious effects. ... A router can handle an incoming attack and probes much better ... to store malicious code in the PC's BIOS flash memory. ... most home computers are used for game playing, ...
    (alt.support.diabetes)
  • Re: Message from my ISP
    ... >> control of another person's computer, and uses it to log on to DALnet ... while spreading itself to other computers. ... >> whole thing down pretty difficult, especially with such a crude attack ... >> lasting damage would come from it. ...
    (comp.security.misc)
Loading