A Policy to Prevent Outsider Attacks on the Local Network

We used to be able to say, 'If the laptop or computer is not owned by us then it is not allowed to touch our network.' However over the last few years business need has exceeded the desire to keep our network 'pure' and many non-agency owned computers now have access to our local area network (LAN). Our Windows based agency owned computers run fully configured heuristically enabled daily updated virus protection. Our automated inventory system queries the status of this software and we remedy any below standard computers. Prior to the installation of our Software Update Services (SUS) server these same Windows based computers had current operating system (OS) security patches and service packs installed. These procedures create a fragile wall of protection as the wall is only as strong as the most current software updates make it. And most of the contractor computers are Windows based laptops that do not log on to our domain and are thus unaffected or unnoticed by our automated systems. However our network and the systems on our network are vulnerable to attack by any new malicious code launched internally by these contractor computers. As part of our Defense in Depth strategy we also utilize a network based Intrusion Detection System (IDS).