How to block malware coming over VPN

ZEBIT — Thu, 20 Aug 2015 06:24:15 GMT

Last week we had an internal user that was infected with CryptoLocker. Our users get through GPO network drives and also some of the files on these drivers were infected. We could disinfect the system and the files and we generated a GPO so no malware can be run from %appdata% and we also did some other changes. The only thing I'm afraid about is when external users login with there personal laptop (that is infected) to the VPN and they map a network drive, a virus can be spread out. We can't deploy GPO to an external user his/her laptop. What is the best solution?

Re: How to block malware coming over VPN

Lucky — Thu, 20 Aug 2015 08:28:19 GMT

Hello Zebit,

one of the ways you can handle this is to enforce HIP checks on their devices and ensure that they have latest antivirus updates, OS updates, etc. By using HIP you can separate users or deny them access to sensitive network areas until they improve their security posture, whatever your criteria was.

Regardless of HIP checks, your VPN/GP users will be arriving to a separate network pool. It is easy and practical to put them in their own separate zone, and than apply rules for communication between different zones as you would with any other traffic. Just create a policy for access from the VPN zone towards the DMZ (or wherever your servers are) and apply anti-virus and other security profiles onto the given policy.

Here are a few documents that might give you more information on this topic all in all, if you need them: https://live.paloaltonetworks.com/t5/Articles/Security-Policy-Quick-Reference-Resource-List/ta-p/54619

If you need more info, just ask here 🙂

Best regards

Luciano

topic How to block malware coming over VPN in General Topics

How to block malware coming over VPN

Re: How to block malware coming over VPN