The place where i work has a few people who have laptops and PDAs. We have antivirus, firewall, etc when you are connected to the network. What we are looking for is a software for these portable devices that will scan for viruses and stuff before they connect to our network via VPN or other means. Once they connect our virus scan will take over but we are trying to get an extra level of protection so that they will be detected beforehand. Any suggestions on software? I have come across a few different things but am not sure what to go with. I appreciate any help you can give me.
You may be interested in Cisco network access control
here is a blurb from the link below:
Network Admission Control is a set of technologies and solutions built on an industry initiative led by Cisco Systems?. NAC has been designed specifically to help ensure that all wired and wireless endpoint devices (such as PCs, laptops, servers, and PDAs) accessing network resources are adequately protected from security threats. NAC allows organizations to analyze and control all devices coming into the network. By ensuring that every endpoint device complies with corporate security policy and is running the latest and most relevant security protections, organizations can significantly reduce or eliminate endpoint devices as a common source of infection or network compromise. NAC is part of the Cisco Self-Defending Network, a strategy to dramatically improve the network's ability to automatically identify, prevent, and adapt to security threats.
Eric is right on the money. If you want extra protection, look into the Cisco CSA agent to use with antivirus products that have been tested with Cisco NAC. While in a quarentine state, NAC can verify that the virus definitions are current and that antivirus is running before alowing network connectivity. That only other thing that might help is if NAC can force a client to do a full or partial self scan while the client is still in quarentine, which might meet your requirements. I do not know if you can trigger a forced scan like that, but you can verify signature versions which is almost as good.