Guest Lynnex1138 Posted March 2, 2009 Posted March 2, 2009 Hello, I oversee a small (>150) network of PCs and a couple of Macs. We are a non-profit health care facility that has clients in and out all day using the computers. The majority of our computers are old, P4's some with 256k fo ram running windows 2000 sp4.Most of our users log in with a common userid that gives them very limited rights on the network however most of what they do is surf the web and most of this is not business related but done for entertainment. We have alot of people who want to download music, look at porn, chat, download and install programs like limewire and upload to file sharing sites. When I started working here there was virtually no security or web filter in place. We have the following: The lowest level content filter from the sonic wall pro 2040 Symantec antivirus 10.0.1 Last fall we were blacklisted due to a trojan sending out emails. We scanned all our machines and found several viruses not detected by our anti-virus program. I am always finding various trojans on the network. Right now, I have done the following: enacted group policies to prevent downloads and installations disabled floppy, cd-rom and usb drives blocked all chat and instant messaging Allow personal computers to access the network only under IT supervision Blocked smtp on all machines except our mail server I am testing websense as a content filter and hope to be able to use it so I can block streaming video and a whole host of other stuff our old content filter doesn't cover. I am also wondering if there are better anti-virus programs for our network, like trend micro? I am looking for suggestions as to how any of you would further secure this network if it were up to you. Any and all suggestions and questions are welcome as I am rather a novice when it comes to security. thanks for any and all help! Quote
Guest David H. Lipman Posted March 3, 2009 Posted March 3, 2009 From: "Lynnex1138" <Lynnex1138@discussions.microsoft.com> | Hello, | I oversee a small (>150) network of PCs and a couple of Macs. We are a | non-profit health care facility that has clients in and out all day using the | computers. The majority of our computers are old, P4's some with 256k fo ram | running windows 2000 sp4.Most of our users log in with a common userid that | gives them very limited rights on the network however most of what they do is | surf the web and most of this is not business related but done for | entertainment. | We have alot of people who want to download music, look at porn, chat, | download and install programs like limewire and upload to file sharing sites. | When I started working here there was virtually no security or web filter in | place. We have the following: | The lowest level content filter from the sonic wall pro 2040 | Symantec antivirus 10.0.1 | Last fall we were blacklisted due to a trojan sending out emails. We scanned | all our machines and found several viruses not detected by our anti-virus | program. I am always finding various trojans on the network. | Right now, I have done the following: | enacted group policies to prevent downloads and installations | disabled floppy, cd-rom and usb drives | blocked all chat and instant messaging | Allow personal computers to access the network only under IT supervision | Blocked smtp on all machines except our mail server | I am testing websense as a content filter and hope to be able to use it so I | can block streaming video and a whole host of other stuff our old content | filter doesn't cover. I am also wondering if there are better anti-virus | programs for our network, like trend micro? | I am looking for suggestions as to how any of you would further secure this | network if it were up to you. Any and all suggestions and questions are | welcome as I am rather a novice when it comes to security. | thanks for any and all help! Institute an Autorized Use Policy (AUP). Write it up, formalize it and have everyone sign it. That AUP should specifically set the bounds of what can and can not be done on the NPO network. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Tom [Pepper] Willett Posted March 3, 2009 Posted March 3, 2009 "Lynnex1138" <Lynnex1138@discussions.microsoft.com> wrote in message news:F8FA0306-9EBD-4BD0-AD1E-4B9CA38F858B@microsoft.com... : Hello, : : I oversee a small (>150) network of PCs and a couple of Macs. We are a : non-profit health care facility that has clients in and out all day using the : computers. The majority of our computers are old, P4's some with 256k fo ram : running windows 2000 sp4.Most of our users log in with a common userid that : gives them very limited rights on the network however most of what they do is : surf the web and most of this is not business related but done for : entertainment. : : We have alot of people who want to download music, look at porn, chat, : download and install programs like limewire and upload to file sharing sites. Your problem is not in securing the network, it's controlling your employees. At this time of high unemployment, there should be people willing to follow rules in order to keep their job. Also, if they have so much free time on their hands, you don't have enough work for them to do. Find them work, or lay them off. You need a written usage policy that everyone signs, with penalties, including termination. You'd be surprised how well that can work. The bottom line: You are letting the employees run the company instead of the management. Poor leadership is your biggest problem. Quote
Guest Lynnex1138 Posted March 10, 2009 Posted March 10, 2009 "Tom [Pepper] Willett" wrote: <span style="color:blue"> > > "Lynnex1138" <Lynnex1138@discussions.microsoft.com> wrote in message > news:F8FA0306-9EBD-4BD0-AD1E-4B9CA38F858B@microsoft.com... > : Hello, > : > : I oversee a small (>150) network of PCs and a couple of Macs. We are a > : non-profit health care facility that has clients in and out all day using > the > : computers. The majority of our computers are old, P4's some with 256k fo > ram > : running windows 2000 sp4.Most of our users log in with a common userid > that > : gives them very limited rights on the network however most of what they do > is > : surf the web and most of this is not business related but done for > : entertainment. > : > : We have alot of people who want to download music, look at porn, chat, > : download and install programs like limewire and upload to file sharing > sites. > Your problem is not in securing the network, it's controlling your > employees. At this time of high unemployment, there should be people willing > to follow rules in order to keep their job. Also, if they have so much free > time on their hands, you don't have enough work for them to do. Find them > work, or lay them off. > > You need a written usage policy that everyone signs, with penalties, > including termination. You'd be surprised how well that can work. > > The bottom line: You are letting the employees run the company instead of > the management. Poor leadership is your biggest problem. > </span> Thanks for the response. I should point out however that the issues I see 99% of the time come from our clients; who are hospital patients; not from the staff. We had one employee who we found using proxy servers to skirt our policy and he did in fact loose his job over it. Quote
Guest FromTheRafters Posted March 10, 2009 Posted March 10, 2009 "Lynnex1138" <Lynnex1138@discussions.microsoft.com> wrote in message news:B529D586-AD0C-42DC-8B00-726A013A2AE0@microsoft.com... <span style="color:blue"> > Thanks for the response. I should point out however that the issues I > see > 99% of the time come from our clients; who are hospital patients; not > from > the staff. We had one employee who we found using proxy servers to > skirt our > policy and he did in fact loose his job over it.</span> So, is this an Internet Cafe you're running? http://www.antamedia.com/caffe/ Quote
Guest David H. Lipman Posted March 10, 2009 Posted March 10, 2009 From: "Lynnex1138" <Lynnex1138@discussions.microsoft.com> | Thanks for the response. I should point out however that the issues I see | 99% of the time come from our clients; who are hospital patients; not from | the staff. We had one employee who we found using proxy servers to skirt our | policy and he did in fact loose his job over it. You need to separate the the two. One network protected enclave for management and personnel and another one distainctly separated for patients. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.