How does everyone secure their network from insider 'outsider' access? When I say outsider, I'm talking about people giving presentations, consultants and others who are supposed to be in your office but are requesting Internet access. Do you have a strict policy to forbid them access entirely? Have some way to give them limited access? Any other policies?

We have some inventory software that scans our network and will show when other workgroups/domains have been connected. It came up recently and I brought this to the attention of our IT Director stating that some other computers had been connected to our network. She asked for some suggestions on how to control this, so I figured I'd ask here to see what everyone else does. My thoughts are to hook up a switch or wireless access point to a separate port on our firewall and just segment all the traffic off from the internal network. That way they can get access to the Internet, but nothing else. If it were my choice, I wouldn't even allow them to connect but I don't think that will fly

BillV

Thanks

If we do the wireless it won't be open and we'll probably change the password fairly frequently so anyone wanting access will have to come ask us. That way anyone wanting access will be required to come through us first

Billv,

we have a seperate wireless system for outsiders. It runs through a proxy requiring a 'voucher' to bypass the landing page. If a third party needs internet access they get a time-limited voucher, if an employee needs access they get the (frequently changed) WPA key. Keeps the two sets isolated nicely.

Maybe for wired connections you could set up a switch connected to a restricted access vlan, then you could attach a wireless access point configured, as others have suggested, to provide a separate wireless network to this switch. That should be nice and secure.