# How to protect our network.



## AaronBHS (Aug 18, 2011)

We are a non-profit organization that is heavily reliant on interns that use their own laptops a lot here. My concern is they come in and connect to our wireless network with no supervision or anything else. I am worried they will introduce a virus, trojan, or something to our network.

Any ideas what the best way to keep them from introducing unwanted malware from a thumb drive, virus in email, or something to that effect shy of standing over them while they install and run an antivirus software?

Thanks for the help in advance.


----------



## Basementgeek (Feb 7, 2005)

Hi:

I am going to move this to our Security and Firewalls

Security and Firewalls - Tech Support Forum

BG


----------



## sobeit (Nov 11, 2007)

do they have access to other computers on the network?


----------



## Wand3r3r (Sep 17, 2010)

AaronBHS can you tell us the network topology [how everthing connects to each other] and why the interns are using their laptops on your network. Do they need them to do their job?


----------



## AaronBHS (Aug 18, 2011)

They are using their laptops because we do not have the means to provide them with workstations and they need to be online for social media and graphic design. Thus they really dont have access to other workstations because they are occupied by the employees.

We have about 40 workstations with 1 NAS server and 1 DNS/DHCP/AD Server and a couple wireless routers.


----------



## Wand3r3r (Sep 17, 2010)

"they need to be online for social media and graphic design"

I am going to assume the graphic design is done locally via software on their laptops.

I would set this up as follows:

Two networks: one private one guest
I would put a storage box in [pc] with two network cards. One card connected to the private network and one card on the guest network.

This would be the depository for their graphic work which could be reviewed/transferred to the private network.

Topology wise it would look like this:

modem<>guest router with guest connections<>private router with the employee connections/servers. A network cable would go from each router/switch to the inbetween pc.

Each router would be in its own ip subnet.

The guest network would never touch the private network but you could still get their graphic design files via the shared pc. Shared pc would have updated AV on it of course.


----------



## AaronBHS (Aug 18, 2011)

Thanks for the input Wand3r3r, I might try this out.

And yes, I am not stupid, they do the graphic design on their PCs with software but they get a lot of the images they use from the web.


----------



## Wand3r3r (Sep 17, 2010)

You certainly can't be stupid since you are posting here 

Fortunately images don't contain virus's or hacker tools. Risk is more what comes with the laptop like if they do torrent downloads, etc

You certainly want to keep all of your devices updated concerning antivirus updates.

Best of luck


----------

