Bring your own device in the company - viruses?


If I dial into the company with my private notebook via VPN, then you can inject viruses, right?

How can you secure the path, or make sure that no viruses are transported from A to B?

Are there any hardware solutions or tools or consoles?

The path:

My notebook → VPN → Firewall of the company → Company


That's why private devices are not allowed in the company network…


That is all your opinion!
How do you ensure it anyway? There will be ways or devices.


There is a possibility, for example through IT scanning stations with a sandbox environment, outside of the network.

Your device is checked completely, and after approval by IT you can use it.

We have something for USB sticks.

When external users come, they must connect their USB sticks to a device; the sticks are checked and receive a checksum as an ID. When the USB sticks are then connected to devices, the ID is queried in the database. If it matches, data will be transferred.

When leaving the company, the sticks must be reconnected to the device and the checksum is removed. As long as the checksum is on them, the sticks can only be connected to our company devices.
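
The check-in, lookup and check-out cycle for USB sticks described in the post above, as an added example that is not part of the original thread and not the poster's actual system. It assumes the checksum ID is a SHA-256 over the stick's file names and contents; `StickRegistry`, its methods and the SQLite table are hypothetical, and a temporary directory stands in for the stick.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path

def stick_id(root: Path) -> str:
    # Assumption: the "checksum as an ID" is a SHA-256 over all file names and contents.
    digest = hashlib.sha256()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix().encode()
        data = path.read_bytes()
        # Length-prefix each field so file boundaries stay unambiguous.
        digest.update(len(rel).to_bytes(8, "big") + rel)
        digest.update(len(data).to_bytes(8, "big") + data)
    return digest.hexdigest()

class StickRegistry:
    """Hypothetical database shared by the scanning station and company devices."""
    def __init__(self, db: sqlite3.Connection):
        self.db = db
        db.execute("CREATE TABLE IF NOT EXISTS sticks (id TEXT PRIMARY KEY, owner TEXT)")

    def check_in(self, root: Path, owner: str, scan_clean: bool):
        if not scan_clean:  # verdict of the malware scan, which is outside this sketch
            return None
        sid = stick_id(root)
        self.db.execute("INSERT OR REPLACE INTO sticks VALUES (?, ?)", (sid, owner))
        return sid

    def may_transfer(self, root: Path) -> bool:
        row = self.db.execute("SELECT 1 FROM sticks WHERE id = ?", (stick_id(root),)).fetchone()
        return row is not None  # a company device recomputes the ID and looks it up

    def check_out(self, sid: str) -> None:
        self.db.execute("DELETE FROM sticks WHERE id = ?", (sid,))  # visitor leaves

def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in for a USB stick
        stick = Path(tmp)
        (stick / "slides.txt").write_text("quarterly report")
        reg = StickRegistry(sqlite3.connect(":memory:"))
        sid = reg.check_in(stick, "visitor-1", scan_clean=True)
        results = [reg.may_transfer(stick)]      # scanned and unchanged
        (stick / "new.bin").write_bytes(b"added after the scan")
        results.append(reg.may_transfer(stick))  # contents changed since the scan
        (stick / "new.bin").unlink()
        reg.check_out(sid)
        results.append(reg.may_transfer(stick))  # original contents, but checked out
        return results
```

Under this assumption any change to the stick after the scan invalidates its ID, so a stick that has received data has to be checked in again before the next transfer.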


VLAN, if it has to be BYOD. Generally this should be banned.


Stupid question: how does that help with the question?


By thinking. You can't just check USB sticks like that. You can also provide a laptop with a checksum after checking, and if it then connects to the network, it will only be routed through if the checksum is correct.


A separate VLAN helps with the question only conditionally, since the computer connected through the tunnel does access data and is thus in contact with at least one other computer, which in turn sees other, and often all, computers. But probably all sensitive data is already on computer 1.

Therefore, I agree with you and would advise against it. If contact from the outside is needed, I would rely on a solution à la remote over VPN.


BYOD always carries a few additional risks that one would not have with enterprise devices.
One can conclude user agreements that regulate the responsibilities. You can make technical arrangements that limit the risks, maybe even take out BYOD insurance. But people are no longer as euphoric about BYOD as they were a few years ago.
But there are also alternative models such as CYOD (choose your own device) or COPE (corporate owned, personally enabled).
Or something like Citrix XenApp, so that the private device is just a graphics terminal.


No, that is not possible with the question. If you think a little bit, you'll find out why.


But if the servers are not secured, then no VLAN is needed.

Then BYOD is the smallest problem.


Your own question? Fascinating, you humans