How to audit security on Remote Employees' PCs?

We have several remote developers who are working on our code and have access to our FTP server. Recently someone copied an infected file to the FTP server and the virus spread throughout the whole FTP server. We can't install antivirus on the FTP server.

We can't force people to install an Internet Security Tool (e.g. Norton, Gdata, Kaspersky) on every machine because most of our remote employees have their own computers and own software. So I am looking for some audit tool - I want to make employees test their own computer once in a while.

I know there is "Trojan Remover" which scans the computer. Is it enough, or can you recommend a better solution?


Solution 1:

Solving this the way you describe is more a management/policy issue than an IT issue. As the problematic machines are outside of your sphere of control there's not an easy tech solution for that.

A few suggestions though of things you can do:

  1. Have any person who has access to your VPN/remote servers/etc. sign something stating they have taken adequate precautions and run antivirus etc.
  2. Run a gateway antivirus on your network to catch these things as they come in.
  3. Find a way to install antivirus on the FTP server! I know you say you can't, but maybe that in itself is an issue. There are a myriad of antivirus programs available for Windows, and there are also several for Linux. If you are running a Linux FTP server, try ClamAV. It's available in most distro repos.
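
One way item 3 could look on a Linux FTP server, added here as an example and not part of the original answer: it runs ClamAV's `clamscan` over the upload tree and moves any hits out of the served directory. The paths `/srv/ftp` and `/var/quarantine/ftp` and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: scan an FTP upload tree with ClamAV and quarantine any hits.
# The paths used here are assumptions; keep the quarantine outside the FTP root.

# clamscan reports each hit as "<path>: <signature> FOUND"; print only the paths.
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Read paths on stdin, move each into the quarantine directory and strip all
# permission bits so the file can no longer be downloaded or executed.
quarantine_files() {
    local qdir="$1" path dest n=0
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 2
    while IFS= read -r path; do
        [ -f "$path" ] || continue
        n=$((n + 1))   # counter keeps same-named files from overwriting each other
        dest="$qdir/$(date +%Y%m%dT%H%M%S)_${n}_$(basename "$path")"
        mv -- "$path" "$dest" && chmod 000 "$dest" && echo "quarantined: $path -> $dest"
    done
}

# Scan the tree and act on clamscan's exit status: 0 clean, 1 infected, 2 error.
scan_uploads() {
    local root="$1" qdir="$2" report rc
    report=$(clamscan --recursive --infected --no-summary "$root" 2>&1)
    rc=$?
    case $rc in
        0) echo "clean: $root" ;;
        1) printf '%s\n' "$report" | infected_paths | quarantine_files "$qdir" ;;
        *) echo "clamscan failed (exit $rc): $report" >&2 ;;
    esac
    return "$rc"
}

# Run only when called with a directory, e.g. from cron:
#   scan-ftp.sh /srv/ftp /var/quarantine/ftp
if [ -n "${1:-}" ]; then
    scan_uploads "$1" "${2:-/var/quarantine/ftp}"
fi
```

Run it from cron or after each upload; a non-zero exit status can drive an alert, and refreshing signatures with `freshclam` beforehand keeps the scan meaningful.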

Solution 2:

Well, no way to do that.

There are 2 ways that make sense:

  • Either force users to audit their machines. Windows has a mechanism for that on their VPN system which can check whether the machine is at a "known patch level".
  • Or keep them out of your network and make them work on a terminal server / virtual machine, which means you control the system.

Between the two there is nothing left. Not forcing them to install proper software and them not running on a machine controlled by you means that you have a high security hole that you cannot close.

Solution 3:

You should find a way to get an antivirus running; this is your best option. You might get threats in from other places than your people uploading files to it.

It's like getting a venereal disease and saying "Well I got infected, but a condom just isn't an option."

If you can't install an AV on your own server, that means something is wrong with your policy or setup.