This would NOT be a good idea. First of all, it puts you into a purely reactive (as opposed to proactive) position; you’ll forever be playing catch-up.
Second, I doubt very much that it would work without also crippling your production network. After all, a worm just uses the existing network connections just as do your servers and workstations.
As to what you SHOULD be doing (whether or not your management allows the budgeting for this):
- Make sure that all systems, especially those that travel, have current anti-virus with automated updating. All respectable vendors have this capability. BUT the travelling ones need stand-alone anti-virus, not the corporate version, because there’s no guarantee that they’ll be on-line when the central server needs to push new definitions or other updates.
- Install an IDS (a free one like Snort) with the bleeding-snort rules to look for anomalous traffic.
- Spend some time (again, management support is essential) educating your users.
If your management doesn’t want to support these efforts and expenditures, then point out to them that they’re handcuffing you into a relatively helpless position.
Good luck – you’ll need it,