Re: non domain computers on network

Thanks Paul,
I know how ugly the politcs can get and that is why I am being careful and
asking for a purely technical arguement against this practice
I need a couple of those thousands of reasons - budget wise it is cheaper,
that won't work. I need the security reasons spelled out - links are fine I
am not lazy about research I just have not found what I need in this case.

As to bad things turning ugly quickly - that is what will happen if the
network is damaged and I have not done a CYA. Or CMA in this case I guess.
I want to email the Home Office IT and say that I do not want non-domain
computers hooked up to the LAN because of the threat of 1).... 2).......
3)...... the threat is security and virus etc attacks. I would like to know
what specific threats there are to prove my points. Then if they say - well
make exceptions - it is not my fault. Or if I say no - I have the
documentation to back it up to the users. If they hook up anyway and I am
forced into making that exception then at least my A is not grass for not
stating my case.

We have VLAN's , we have several here and others in the regional offices.
I am working in Kabul, my problem is with Home Office staff- short term
assignments that want to use their own PC and more often with short term
consultants (spoiled bunch for the most part) that do not want to "learn" a
new computer and bring thier PC with them and plug into the LAN. The
offices are all wired LAN at 1 GB. They are all welcome to use them on the
VLAN's and we help set them up (guest houses) it it their insistance on
plugging them into the office LAN that is giving me sleepless nights. It is
politcs and I need information to win this one. Or at least information to
make it "I told you not to" when and if something goes wrong.
Yes, they could -definitely- cause problems and this is a big risk. - What
are the problems? I have to be specific to fight this.
Please anyone, the name of a specific virus or trojan or other threat that
connecting a non-domain computer to the windows domaiin LAN can cause.

Thanks
Linda



"Paul Weterings" <Paul-nospam-@syncpuls-dot-com> wrote in message
news:47dda60b$0$7555$e4fe514c@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Linda,

Yes, they could -definitely- cause problems and this is a big risk. You
mentioned the politics, so you are looking for a technical solution for a
management problem. Be very careful on how you approach this, as these
kind of things tend to turn ugly -quickly-, and guess who they will find
to blame.

My experience tells me sometimes its better just to say "Nope, sorry we
can't do that". If challenged on that you'll be able to find thousands of
reasons of why it cant be done, budget wise, security wise etc.

Have said all that (and yes, I know you knew all that ;-) the only
technical solution that seems to make a little sens is to get these
computers on their separate VLAN, and have then connected to the printers
that way, then make them print to the IP port of the printer directly,
instead of going through servers. (assuming these are network printers).

Good luck with the politics....!

Paul

Linda Marie wrote:
We have a couple of users (visitors) that insist on using their personal
computers on our windows 2003 network. Politics - so don't ask - believe
me you don't want to know.
They of course can surf the Internet (DHCP) and get their personal email
through Outlook or on the web. Now of course they want to print to the
network printers.
Is there any security issue with them just being on the network? I don't
know of any virus' etc. that can be spread unless they access the server
which they cannot do. I have no control over antivirus or anti-malware
on these machines so it make me nervous.
We will supply them with computers for the duration of their visit but
they don't want to use them. And I don't want to support non-domain
computers - we have enough to do, so I would be happy to hear that they
may be a security problem with using these computers. They run under the
local administrator accounts on their machines I am sure. So if they
have a virus or tojan etc. could it cause problems on our domain and be
spread since they are on the LAN?

Thanks
Linda


.

Relevant Pages

  • Re: Disabling Network Browsing
    ... that resource by other computers on the LAN? ... But this is a form of Security By Obscurity. ...
    (microsoft.public.windowsxp.network_web)
  • DMZ Question
    ... any of its resources (printers and files) be shared by computers on the ... if computers on the LAN can share those ... resources, can those resources be protected from use by anyone anywhere? ...
    (microsoft.public.windowsxp.network_web)
  • RE: [Full-Disclosure] Insecurity in Finnish parlament (computers)
    ... > It is unlikely that all the computers have the same security ... > (both in TeliaSonera and in our parlament). ... Red herring. ...
    (Full-Disclosure)
  • Re: Basic Security Help
    ... a network is weak or no passwords followed by malicious user on your ... -- Use password policy to enforce strong passwords in the domain by enabling ... -- Be sure that computers are kept current of critical security updates from ... Windows Updates or using a SUS server to authorize and distribute security ...
    (microsoft.public.security)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... Can Easy To Use Software Also Be Secure ... Anyone who has been working with computers for a long time will have noticed ... because DNS does not configure properly or security permissions are relaxed ... guarantee that no one really knows for sure, not even Microsoft developers. ...
    (Security-Basics)