You mean other than running a rogue DHCP server, tossing malware exploits at unpatched machines, portscanning, DOS attacks, etc? :-)

I always did like Steve Riley's concept of leaving the network open but protecting the resources with IPSec, myself... Now, with NAP and the like, there's a lot you can do to isolate unmanaged machines. I like the WAP in the DMZ thing, too.

As a consultant, I've had clients where I could put a machine on the network and clients where I couldn't. I've learned to keep my tools accessible from the internet so I can be put on a client machine and suffer very limited functionality...

***********************
Charlie Kaiser
[email protected]
Kingman, AZ
***********************

> -----Original Message-----
> From: Dennis Krebs [mailto:[email protected]]
> Sent: Monday, December 07, 2009 2:30 PM
> To: NT System Admin Issues
> Subject: RE: Consultant PC on your network
>
> Is there really a concern if the user never authenticates
> with a domain controller and thus doesn't have permissions to
> do anything?
>
> --
> Dennis Krebs
> 610-696-7700 x193
>
> From: David Lum [mailto:[email protected]]
> Sent: Monday, December 07, 2009 11:45 AM
> To: NT System Admin Issues
> Subject: Consultant PC on your network
>
> What process do you guys use for allowing a consultant to put
> their PC on your "wire"? Surely there are some questions
> needing to be asked, like does it have AV and is patched,
> probably need to make sure it's not running some DHCP or
> other service that might disrupt your network, right?
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
