Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secure a small network

Status
Not open for further replies.
MasterRacker

MasterRacker

New member
Oct 13, 1999
3,343
0
0
US
I will be helping someone who has a client that has finally admitted he needs his office computers secured due to numerous problems with malware. He is running Windows 2003 Small Business Server however all the desktops (about 10) are running XP Home (I know, but he couldn't be convinced to spend extra on Pro). As far as I know at the moment, all clients are running Norton Antivirus. The office is online through a business DSL link. I'm not sure if they're using the built-in Exchange server or it they all have individual POP accounts with their ISP.

Constraints:
1. It's highly unlikely there will be any budget for new software or hardware (like a firewall).
2. It's a small office and the end users are barely computer literate, so switching primary browsers to FireFox is probably also going to be out of the question.

Initial Plans:
1. Make sure all users are not running under administrative accounts.
2. Make sure all Updates are applied, including SP2.
3. Install the MVPS Hosts file.
4. Install IE-SPYADS.
5. We may try to use Zone Alarm or Sygate Personal firewall instead of XP's.
6. Install MS Anti-Spyware
7. Install Ad-Aware (I know about the blot on their reputation, however in this case at least, I feel it's more user friendly than SpyBot and I'm hoping they've learned from their mistake by now.)
8. Cut IE History to 1 day and temporary file storage to a minumum.

Any other suggestions for tightening up an XP Home machine? Since I can't join the domain, I'm not aware that I can do much with policies, etc.

[sub]Jeff
[purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day

I was not born cynical - I earned my cynicism through careful observation of the world around me.[/sub]
 
Sort by date Sort by votes
I'd add SpywareBlaster.

Then install HijackThis on all the computers, and run it periodically. HijackThis isn't subject to the false positives / false negatives that AdAware and MSAS are.

Learn to interpret the HijackThis log, after you do a few you'll know it by heart.

Cheers,

Chuck
Paranoia is not a problem, when it's a normal response from experience.
 
Upvote 0 Downvote
We use HJT regularly, however, that is definitely not something we want the end users touching. (Remember, computer illiterate and running under reduced priviledges. Unless we can talk them into a periodic maintenance contract, that will only get run when diagnosing a future problem.)

SpywareBlaster is definitely a possibility.

[sub]Jeff
[purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day

I was not born cynical - I earned my cynicism through careful observation of the world around me.[/sub]
 
Upvote 0 Downvote
On second look, SpywareBlaster is not free for business use. :-( If you think corporate IT depts are tough to squeeze a nickel out of, try small town small businesses.

[sub]Jeff
[purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day

I was not born cynical - I earned my cynicism through careful observation of the world around me.[/sub]
 
Upvote 0 Downvote
Lock down internet explorer. Tools -> Internet Options -> Security -> and on the Security level for internet options, lock down what isn't needed.

Obviously, taking out the ability to run ActiveX controls, userdata persistence, Java and Javascript will affect some websites, but the best settings to use will only be known when you know the websites that they use and tweak the settings appropriately.
You can also disable downloading of files etc from within this dialog box. If there is no business need for it, take it out.

Check that Norton antivirus LiveUpdate is set to automatically update and that this is working (I found on one system the auto update settings weren't working, this fixed when I installed XP SP2).

John
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
97
pjw001
pjw001
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
252
Flinx
Flinx
Sebastian42
  • Locked
  • Question
Getting a drive REdetected
Replies
18
Views
232
Rick998
Rick998
Deniall
  • Locked
  • Question
AutoHotKey for a very simple task 1
Replies
5
Views
132
Deniall
Deniall
dpellegrini
  • Locked
  • Question
Unable to map a drive
Replies
12
Views
203
dpellegrini
dpellegrini

Part and Inventory Search

Sponsor

Back
Top