securing small office network and computers

Dell / INSPIRION 1500
June 23, 2010 at 14:01:33
Specs: Windows SBS 2003, 2.2/4 Gb
How to secure a small office network (around 5 to 6 computers) so that we can VPN into the office from outside and avoid any virus from attacking the computers, prevent email attachments with viruses from opening. Prevent any data on the computer from being lost.

* Not running any email server in the office, just using yahoo or msn or gmail ... for Email
* Due to an internal application constraint have to give root permissions to all users on the computer. Running XP Prof and Vista Prof.

I believe the following steps will help keep the network secure ...
a. Router with SPI firewall and VPN capabilities, enable firewall in the router.
b. Install Virus Scanner and 3rd Party Firewall, configure the 3rd party firewall to prevent viruses from sending out data. Perform Daily virus scanner update and scanning the hard drive and memory.
c. Windows update every night
d. Keep monitoring emails about any threats/intrusions reported by the router

Have couple of follow up questions ...
1. Is there anything in addition to the above steps i can do to secure the network and computer?
2. Can i setup any web filters/content control? Suggestions for any free software or hardware component like a proxy that can do this functionality.
3. Any suggestions for Free Email Filters? do i need one if all of us read email by logging into the email portal and read the email?
4. How do i avoid phishing scams?

Thanks, Satish


See More: securing small office network and computers

Report •


#1
June 23, 2010 at 15:59:49

1. Is there anything in addition to the above steps i can do to secure the network and computer?

You did not mention how you are going to secure your VPN. I would setup IPSEC 2 Phase Tunnel and being as smal as you are you could get away with a Pre-Shared Key.


2. Can i setup any web filters/content control? Suggestions for any free software or hardware component like a proxy that can do this functionality.

Sounds like you may want to setup a Linux Box running something like Squid to proxy your internet traffic.

http://www.squid-cache.org/

http://www.ubuntugeek.com/how-to-se...

Don't forget this does not protect the local computers. The computers connecting to the system may have Viruses before they connect. If you want to be absolutely secure then I would get a remote desktop program like VNC then you can have them remote control their computers from their home computers so that no data actually flows to the home computer or back.

http://www.realvnc.com/

You may want to get this any ways because it makes it easy to fix problems when you can remote into their computers. Yuo setup VNC to only accept connections from a static list of IPs so unless a hacker spoofs one of their IPs they can't get in and even if they did they need the Remote Password and the Domain Password.


3. Any suggestions for Free Email Filters? do i need one if all of us read email by logging into the email portal and read the email?

http://qmail.org/top.html
http://www.nuclearelephant.com/

If you have some cash then MS Exchange is way easier.


4. How do i avoid phishing scams?

You don't. You can do like I do which is watch the Web for know phishing and send out email and block the IP on your firewall when you see them but otherwise you need an education program for your employees to teach them what to look for to identify phishing.

You look for URLs that are out side of the United States like any thing that end with country identifiers like .UK .CI and so on.

You also look for emails asking for personal information like...

Address
Social Security Number
Passwords
Account Numbers

You should NEVER put this information in ANY email, even if it is legit, because email is sent across the internet clear text because any one can look at it.

____________________________________________

Your best solution is to hire a consultant that will set all of this up for you.


Report •

#2
January 3, 2011 at 17:26:08
thaks ace_omega.

I would like to setup IPSEC 2 Phase tunnel, can you suggest any links that i can follow to do this.

Also can you suggest any hardware solution that helps me with VPN and Proxy solution. I was looking at check point solution safe@office100/200

Would you have any review about this and any suggestion for a similar hardware approach?


Report •

Related Solutions


Ask Question