Can anyone suggest ideas for the following situation? Ideally a software only solution would be great, although I think I'm resigned to a physically seperate network to some extent.....anyway here's the deal:
We have an office network, and as part of the company's work we often get laptops and PC's in to the office to repair/upgrade, and visitors asking if they can plug laptops in to the network.
We have never really been confortable allowing this, and do a few sanity checks before connecting a PC, as well as monitoring them for suspicious activity thru server tools and having a quick look at the machine ourselves.
What I would like to do is have a sandboxed bit of network where we can plug in an unknown PC and allow it to have internet access (to update virus definitions for example) and ideally file sharing access so that a visitor can use our printers, shares etc.
Anyone done something similar? The first thing that comes to mind id to put a smoothwall or similar box between our network and the "unknown" network, and allow only port 80 through. Sometimes though, it would be really good to allow file sharing....maybe by opening smb ports to specific machines only?
Ideas would be appreciated!
Allun