How to block malware coming over VPN


L3 Networker

Last week we had an internal user who was infected with CryptoLocker. Our users get network drives through GPO, and some of the files on these drives were infected as well. We were able to disinfect the system and the files, and we created a GPO so that no malware can be run from %appdata%; we also made some other changes. The only thing I'm afraid of is when external users log in to the VPN with their personal laptop (that is infected) and map a network drive, so a virus can spread. We can't deploy a GPO to an external user's laptop. What is the best solution?


Accepted Solutions

L5 Sessionator

Hello Zebit,

One of the ways you can handle this is to enforce HIP checks on their devices and ensure that they have the latest antivirus updates, OS updates, etc. By using HIP you can separate users or deny them access to sensitive network areas until they improve their security posture, whatever your criteria are.

Regardless of HIP checks, your VPN/GP users will be arriving in a separate network pool. It is easy and practical to put them in their own separate zone, and then apply rules for communication between different zones as you would with any other traffic. Just create a policy for access from the VPN zone towards the DMZ (or wherever your servers are) and apply antivirus and other security profiles to the given policy.

Here are a few documents that might give you more information on this topic all in all, if you need them: https://live.paloaltonetworks.com/t5/Articles/Security-Policy-Quick-Reference-Resource-List/ta-p/546...

If you need more info, just ask here 🙂

Best regards,

Luciano
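As an added illustration of the approach in the reply above (a dedicated zone for tunnel users, a HIP profile as a match condition, and threat profiles on the inter-zone rule), here is what that configuration could look like as PAN-OS CLI set commands. This is not code from the original thread or from Palo Alto Networks. The zone, interface, object and rule names (VPN-Users, tunnel.1, DMZ, AV-Current, AV-Compliant, VPN-Compliant-to-DMZ, VPN-Noncompliant-Deny) and the three-day definition age are assumptions chosen for the example; the profile names default and strict are PAN-OS built-ins. Lines beginning with # are annotations, not CLI input, and exact option names differ between PAN-OS releases, so check them against the CLI reference for your version before committing.

```text
# Run from configuration mode (type: configure).

# 1. Give GlobalProtect tunnel users their own zone so ordinary inter-zone
#    rules apply to them. Assumes tunnel.1 is the gateway tunnel interface.
set zone VPN-Users network layer3 tunnel.1

# 2. HIP object (assumed name AV-Current): an anti-malware product must be
#    installed, have real-time protection on, and have definitions no older
#    than 3 days (threshold is an assumption for the example).
set profiles hip-objects AV-Current anti-malware criteria is-installed yes
set profiles hip-objects AV-Current anti-malware criteria real-time-protection yes
set profiles hip-objects AV-Current anti-malware criteria virdef-version within days 3

# 3. HIP profile a security rule can match on; the match expression quotes
#    the HIP object name.
set profiles hip-profiles AV-Compliant match '"AV-Current"'

# 4. Allow only endpoints that pass the HIP check to reach the server zone,
#    with threat profiles attached so file transfers crossing the firewall
#    (including SMB to the mapped drives) are scanned inline.
set rulebase security rules VPN-Compliant-to-DMZ from VPN-Users to DMZ
set rulebase security rules VPN-Compliant-to-DMZ source any destination any source-user any
set rulebase security rules VPN-Compliant-to-DMZ hip-profiles AV-Compliant
set rulebase security rules VPN-Compliant-to-DMZ application any service application-default action allow
set rulebase security rules VPN-Compliant-to-DMZ profile-setting profiles virus default
set rulebase security rules VPN-Compliant-to-DMZ profile-setting profiles spyware strict
set rulebase security rules VPN-Compliant-to-DMZ profile-setting profiles vulnerability strict
set rulebase security rules VPN-Compliant-to-DMZ log-end yes

# 5. Anything else from the VPN zone to the servers (endpoints that failed the
#    HIP check) is denied and logged, so non-compliant sessions show up in the
#    traffic log instead of silently disappearing.
set rulebase security rules VPN-Noncompliant-Deny from VPN-Users to DMZ source any destination any
set rulebase security rules VPN-Noncompliant-Deny application any service any action deny log-end yes

# Rule order matters: the allow rule must be evaluated before the deny rule.
move rulebase security rules VPN-Noncompliant-Deny after VPN-Compliant-to-DMZ

commit
```

Two points worth keeping in mind when adapting this: HIP data only exists for endpoints running the GlobalProtect agent and HIP checks are a licensed GlobalProtect feature, so a rule that matches on a HIP profile will never match a client that does not report HIP; and the threat profiles only inspect traffic that crosses the firewall between zones, which is exactly the VPN-to-server path the original question is about, not traffic between two clients inside the VPN pool.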
