Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Questions on Internet Security 2

Status
Not open for further replies.

djcrucial

MIS
Nov 15, 2002
21
US
Hello my fellow professoinals, I would like all of your input on this matter. My boss always seems to look for companies to handle jobs that we are capable of doing. Right now we are running NT Server with the majority win98 desktops all of our outside branches connect through our VPN. Everybody has access to the internet and are free to download what they want from the internet. My question is what could I do to provide some security as far as hardware or software. It is really not neccessary for us to get Websense or companies like them.
 
No joke: hammer out an acceptable usage policy that yu can be comfortable with and back it up. You can put up safeguards to you heart's content and you'll still have problems. Better to lay it on the line and have the employee sign off on it than to let it become a full time job for you.

I posted several starting points not long ago in this thread: thread83-727448

Good luck.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Also, you should look into employing tools such as SpyBot ( which offers a function called IMMUNIZE that can help ward off many malware/adware infections. Adaware by Lavasoft ( is also useful.
Keeping AV up to date on user machines is also crucial. TrendMicro and Grisoft are two AV makers worth a serious look.
Finally, spending some time designing short seminars in order to educate your users on the perils of "careless surfing"/"how to be a better user" might be worth your while and well-received.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
You can get a good proxy server. All internet traffic will have to pass through the proxy and this will allow you to monitor and manage all Interent activity. I currently use ISA (Microsoft Internet Security and Accelerator) for my clients. There are other proxy's that are least expensive and for smaller size companies.
 
Great now if your using a proxy will interfere with our vpn? (numerous cities connect to our vpn to access our server)
 
No. The proxy can be configured to allow VPN connections through. My network as well accepts VPN connections. In ISA it's simple you just have to right-click on Routing and Remote access and select Accept VPN Connections. That's how simple it was for me. Check out the Microsoft site for ISA at they have alot of information plus you can download a trial version ...which last for about 3 months before you have to purchase it. Good luck!
 
It seems to me a big issue that you have:

no FW- no proxy and VPN site-to-site to you hosts.

What I did is : external FW ---- DMZ ---- Internal FW --- LAn

- ISa Proxy in DMZ + AV
- VPN Terminator Box in DMZ
- RAS in DMZ

You need to tell you boss to protect you network, if no one day he will point his finger to you...

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top