SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Security > General Network Security

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 11-03-2012, 02:20 AM
Jangell Jangell is offline
New Member
 
Join Date: Nov 2012
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Jangell is just starting out
Default Advice on the proper solution/product

As is somewhat normal...I am by default the IT guy for our small business.

Hoping that some of you with experience in environments similar to mine might be wiling to share some of your learned wisdom.

Our office:
10 PCs running mostly Win 7 (2 still on XP)
6 wired and 4 wireless
Wired machines have gigabit NICs...Dont necessarily need Gigabit speed but it would be nice
2 macs running 10.7
2 Wireless

1 Server running 2008
The server hosts an App that the PCs access

2 wired printers
1 wireless printer

Users have iPhones etc that hit the wireless network


my primary problem is with users surfing the web, streaming music and youtube and updating Facebook.

Secondary issue is with users opening webmail attachments that might not be all that safe.

I had a netgear WRN2000 router that worked fine until the amount of websurfing impacted productivity.

Upgraded to a Prosafe FVG318 - Frankly this thing sucks...

Wireless is horribly slow and the number of dropped connections had increased dramatically.

Wired computers have connection issues as well and on more than a handful of instances we have duplicate IP error messages appear.

The Prosafe also lacks the ability to block https sites (works fine on http sites) This is a large problem given that gmail, facebook and a variety of other sites are https sites.



I am by no means an IT expert...I call tech support ALOT...Love netgear's support for this very reason.

Any and all advice is appreciated...Thanks in advance.
Reply With Quote
  #2  
Old 12-09-2012, 02:56 AM
Tumothy T. Doran
Guest
 
Posts: n/a
Default

You have a lot that is “old”; all PC’s should be brought to Windows 7 Enterprise / Professional (with 5 or more, you can opt in for Microsoft VLA – Volume License Agreement), Server 2008 to 2012.

What you did not mention, was the use of Active Directory Services, this should be implemented, with various Policy levels; this can control / limit / and/or totally restrict devices / users on the network; like shutting down all local USB ports (no more unwanted plug-in of iPad’s, iPhones, and other similar) and optical media drives.

A router and/or a security appliance cannot do this alone, or even a large portion (you will have performance that is . . .).

You best bet, spend the money, bring in an IT Consulting / Management firm, rebuild your network, unifying and simplifying. Do first however, depending where you are, if near a big city, there may be a Cisco office near you, stop in, they will provide a ton of information.
1950's
Reply With Quote
  #3  
Old 02-26-2013, 03:05 PM
rquared rquared is offline
New Member
 
Join Date: Feb 2013
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
rquared is just starting out
Default Possibilities

First step, identify what your company's stance (i.e. Policy) is on Internet access. If you have a small pipe, getting streaming off net is fairly easy, Facebook, a bit harder. Acceptable use is not for IT to decide, so make sure you have executive support.

For free, quick, simple, extremely basic/easy to thwart filtering, use OpenDNS, register your IP and turn off categories you identify in this first step as undesirable.

Step two, if you've inherited IT, you've inherited the IT budget. Find out what it is and how much the company plans to invest annually in technology. If it's not important to them to identify, your fighting a loosing battle.

Once identified, step three, do a quick risk analysis to determine where your highest business risk is. Typically organizations look at perimeter first, but as you are doing, remember OUTGOING is perimeter...so content filtering is important.

Anti-virus, although largely ineffective at stopping new threats is valuable when identifying compromise. Make sure your using something good and it's updating on your server and clients. Centralize management is really important as well as content filtering as explained above. When an incident happens, you need to be able to determine what happened in order to stop the incident from occuring again.

Without knowing your email configuration (assuming webmail), standardize on a single service for all users. Anti-virus is your only method for combatting this unless you stand up a UTM box (Untangle, Astaro, etc.) or host your own email server and can subscribe to a service like Postini or Websense to scrub/filter your mail for you.

Hope that helps a bit. Like the other response, I would upgrade your two XP clients if possible, firewall if not. The Win2k8 server is not a concern. Just keep it patched. (patching and vulnerability scanning is a whole new topic that should be on your radar after looking at the above topics as well as a ton of other things, but this should help you get started alteast.)

Hope this helps.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 01:36 AM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  432
azazel1024  125
john9527  97
L&LD  94
htismaqe  81
ColinTaylor  70
stevech  65
hggomes  64
sfx2000  58
Anzaia  50
RMerlin  6273
john9527  447
stevech  352
ryzhov_al  289
TeHashX  252
L&LD  242
RogerSC  202
sinshiva  146
sfx2000  136
joegreat  127
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  46888
Old RT-AC68 -...  22213
Old RT-AC68P...  7011
Old Moderate Nat...  4673
Old ASUS RT-N66U...  4227
Old iOS 8.1...  3952
Old RT-AC87U -...  2430
Old WiFi...  2420
Old RT-AC68P QOS...  1957
Old AC68U,...  1744
Old Asuswrt-Merli...  214
Old RT-AC68 -...  137
Old Review: 24...  35
Old iOS 8.1...  33
Old RT-AC68P...  33
Old Moderate Nat...  29
Old WiFi...  27
Old RT-AC87U -...  26
Old RT-AC68P QOS...  24
Old How to flash...  24


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.