One of the easiest and arguably most prevalent ways for nefarious software or Internet users to creep onto your network is not through holes in your firewall, or brute-force password attacks, or anything else that might occur at your corporate headquarters or campus. It’s through your mobile users, when they try to connect to your business network while on the road.
Consider why that is the case. Most remote users are authenticated only on the basis of their identity; no effort is made to verify that their hardware and software meet a certain baseline requirement. Remote users could, and do everyday, fail any or all of the following guidelines discussed next.
The latest service pack and the latest security hotfixes are installed.
The corporation-standard antivirus software is installed and running and the latest signature files are being used.
Internet or network routing is disabled.
Windows XP’s ICF, or any other approved firewall, is installed, enabled, and actively protecting ports on the computer.
You would expect your business desktops to follow policy, but in the past, mobile users have traditionally been forgotten or grudgingly accepted as exceptions to the rule. However, Windows Server 2003 includes a new feature in its Resource Kit, called Network Access Quarantine Control (NAQC), which allows you to prevent remote users from connecting to your network with machines that aren’t up-to-date and secure. NAQC provides a different sort of security ...