I'm assuming that this machine is not a laptop? Laptops would be the exception, other than that, I absolutely agree that a workstation should never have a public ip address assigned.
What kind of compliance are you under. At the very least I would think PCI and probably more. You have a pretty good case of a user not following best practices and depending on your organization, not following stated rules/guidelines. Certainly at least a warning to this guy is warranted, and possibly disciplinary action as well. Looks like you're going to have some fun eh? On Fri, Mar 12, 2010 at 9:39 AM, David Mazzaccaro < [email protected]> wrote: > Well, that makes me feel a little better. > However...now to the problem of this guy not using a firewall/router. > Would you agree that a machine should NEVER have a public address assigned? > > > > ------------------------------ > *From:* Sherry Abercrombie [mailto:[email protected]] > *Sent:* Friday, March 12, 2010 10:36 AM > > *To:* NT System Admin Issues > *Subject:* Re: Vipre - how is this possible? > > I don't think that it was routed on your network, just reported by Vipre. > Probably what happened was that Vipre saw the agent on there, and reported > it before the machine got a DHCP address. Vipre acts pretty fast on > machines booting up on the network in my observation. We have non laptop > machines that connect via VPN have Vipre Home Edition on them, so they never > actually show up in my Vipre console. If it's a laptop, it has Vipre > Enterprise on it. > > On Fri, Mar 12, 2010 at 9:28 AM, David Mazzaccaro < > [email protected]> wrote: > >> Not a DMZ address... my VPN addresses are all 172.16.x.x and always show >> up in Vipre w/ those addresses. >> >> I wonder if this guy connected directly to some outside internet >> connection (no firewall, router) and got a public IP (which this is), then >> brought his laptop in to the office and somehow vipre used that IP? I have >> no idea how it could have gotten routed on my internet work though?!?! >> Or maybe it didn't get routed, just reported??? >> >> My biggest worry is that somehow it DID connect to the Vipre server... >> that would be bad. >> >> >> >> ------------------------------ >> *From:* Sherry Abercrombie [mailto:[email protected]] >> *Sent:* Friday, March 12, 2010 10:18 AM >> >> *To:* NT System Admin Issues >> *Subject:* Re: Vipre - how is this possible? >> >> At some point it was on your wire and got assimilated by Vipre. Because >> it's status is inactive it's not being managed by Vipre. I see this all the >> time especially with laptops. >> >> Is this a DMZ ip address? Does this machine have multiple nics with >> different ip addresses? >> >> On Fri, Mar 12, 2010 at 8:59 AM, David Mazzaccaro < >> [email protected]> wrote: >> >>> Hi all, >>> >>> I am very confused/concerned as to how a computer w/ an external IP >>> address got listed in my Vipre v3 console... >>> Any ideas? >>> >>> [image: Picture (Device Independent Bitmap)] >>> >>> I do not have "update from the internet" checked for the policy that this >>> computer belongs to, nor do I have Vipre ports open on my firewall: >>> >>> [image: Picture (Device Independent Bitmap)] >>> >>> >>> >>> . >>> >>> >>> >>> >>> >>> >> >> >> -- >> Sherry Abercrombie >> >> "Any sufficiently advanced technology is indistinguishable from magic." >> Arthur C. Clarke >> >> >> >> >> >> >> . >> >> >> >> >> >> > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > . > > > > > > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
