08-19-2015 11:24 PM
Last week we had an internal user that was infected with CryptoLocker. Our users get network drives through GPO, and some of the files on these drives were also infected. We could disinfect the system and the files, and we generated a GPO so no malware can be run from %appdata%, and we also made some other changes. The only thing I'm afraid of is that when external users log in to the VPN with their personal laptop (that is infected) and map a network drive, a virus can spread. We can't deploy GPO to an external user's laptop. What is the best solution?
08-20-2015 01:11 AM - edited 08-20-2015 01:28 AM
Hello Zebit,
One of the ways you can handle this is to enforce HIP checks on their devices and ensure that they have the latest antivirus updates, OS updates, etc. By using HIP you can separate users or deny them access to sensitive network areas until they improve their security posture, whatever your criteria are.
Regardless of HIP checks, your VPN/GP users will be arriving in a separate network pool. It is easy and practical to put them in their own separate zone, and then apply rules for communication between different zones as you would with any other traffic. Just create a policy for access from the VPN zone towards the DMZ (or wherever your servers are) and apply anti-virus and other security profiles onto the given policy.
Here are a few documents that might give you more information on this topic all in all, if you need them: https://live.paloaltonetworks.com/t5/Articles/Security-Policy-Quick-Reference-Resource-List/ta-p/546...
If you need more info, just ask here 🙂
Best regards
Luciano
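The zone separation and profile attachment described in the reply above, sketched as PAN-OS configure-mode commands. This is an added example, not part of the original post or of Palo Alto Networks documentation. The zone names `GP-VPN` and `DMZ`, the interface `tunnel.1`, the address object `FileServers` with its address, and both rule names are assumptions; the lines starting with `#` are annotations, not commands to paste.

```text
# Assumption: GlobalProtect terminates on tunnel.1. Give it its own zone
# so VPN clients never share a zone with internal hosts.
set zone GP-VPN network layer3 tunnel.1

# Constructed address object for the file servers behind the mapped drives.
set address FileServers ip-netmask 192.0.2.10/32

# Allow only SMB from the VPN zone to the file servers, and log it.
set rulebase security rules VPN-to-FileServers from GP-VPN to DMZ source any destination FileServers source-user any application ms-ds-smb service application-default action allow log-end yes

# Attach security profiles to that rule so file transfers are inspected.
# "default" and "strict" are predefined profile names; substitute your own.
set rulebase security rules VPN-to-FileServers profile-setting profiles virus default spyware strict vulnerability strict

# Everything else from the VPN zone to the DMZ is dropped and logged.
set rulebase security rules VPN-to-DMZ-deny from GP-VPN to DMZ source any destination any application any service any action deny log-end yes
```

Rules are evaluated top-down, so the allow rule must stay above the deny rule; the HIP-based restriction from the first paragraph of the reply is not shown here.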