That's refreshing to hear that whoever had the authority in that situation also had a brain.
I wonder how tricky it would have been to set up a MAC- and plug-location-based VLAN to isolate those devices onto, with a very very carefully locked down machine sitting between the devices and the rest of the network. Deep packet inspecting firewall, copious logging, antivirus turned up to 11, the works.
I ask because I'm curious how well a theoretical setup like the above would have worked out for the described scenario - I'm sure there are similar environments where it may be impossible to get having no network approved by management.
I wonder how tricky it would have been to set up a MAC- and plug-location-based VLAN to isolate those devices onto, with a very very carefully locked down machine sitting between the devices and the rest of the network. Deep packet inspecting firewall, copious logging, antivirus turned up to 11, the works.
I ask because I'm curious how well a theoretical setup like the above would have worked out for the described scenario - I'm sure there are similar environments where it may be impossible to get having no network approved by management.