Advice on the proper solution/product

[Jangell]

As is somewhat normal...I am by default the IT guy for our small business.

Hoping that some of you with experience in environments similar to mine might be wiling to share some of your learned wisdom.

Our office:
10 PCs running mostly Win 7 (2 still on XP)
6 wired and 4 wireless
Wired machines have gigabit NICs...Dont necessarily need Gigabit speed but it would be nice
2 macs running 10.7
2 Wireless

1 Server running 2008
The server hosts an App that the PCs access

2 wired printers
1 wireless printer

Users have iPhones etc that hit the wireless network


my primary problem is with users surfing the web, streaming music and youtube and updating Facebook.

Secondary issue is with users opening webmail attachments that might not be all that safe.

I had a netgear WRN2000 router that worked fine until the amount of websurfing impacted productivity.

Upgraded to a Prosafe FVG318 - Frankly this thing sucks...

Wireless is horribly slow and the number of dropped connections had increased dramatically.

Wired computers have connection issues as well and on more than a handful of instances we have duplicate IP error messages appear.

The Prosafe also lacks the ability to block https sites (works fine on http sites) This is a large problem given that gmail, facebook and a variety of other sites are https sites.



I am by no means an IT expert...I call tech support ALOT...Love netgear's support for this very reason.

Any and all advice is appreciated...Thanks in advance.

You have a lot that is “old”; all PC’s should be brought to Windows 7 Enterprise / Professional (with 5 or more, you can opt in for Microsoft VLA – Volume License Agreement), Server 2008 to 2012.

What you did not mention, was the use of Active Directory Services, this should be implemented, with various Policy levels; this can control / limit / and/or totally restrict devices / users on the network; like shutting down all local USB ports (no more unwanted plug-in of iPad’s, iPhones, and other similar) and optical media drives.

A router and/or a security appliance cannot do this alone, or even a large portion (you will have performance that is . . .).

You best bet, spend the money, bring in an IT Consulting / Management firm, rebuild your network, unifying and simplifying. Do first however, depending where you are, if near a big city, there may be a Cisco office near you, stop in, they will provide a ton of information.
1950's

[rquared]

First step, identify what your company's stance (i.e. Policy) is on Internet access. If you have a small pipe, getting streaming off net is fairly easy, Facebook, a bit harder. Acceptable use is not for IT to decide, so make sure you have executive support.

For free, quick, simple, extremely basic/easy to thwart filtering, use OpenDNS, register your IP and turn off categories you identify in this first step as undesirable.

Step two, if you've inherited IT, you've inherited the IT budget. Find out what it is and how much the company plans to invest annually in technology. If it's not important to them to identify, your fighting a loosing battle.

Once identified, step three, do a quick risk analysis to determine where your highest business risk is. Typically organizations look at perimeter first, but as you are doing, remember OUTGOING is perimeter...so content filtering is important.

Anti-virus, although largely ineffective at stopping new threats is valuable when identifying compromise. Make sure your using something good and it's updating on your server and clients. Centralize management is really important as well as content filtering as explained above. When an incident happens, you need to be able to determine what happened in order to stop the incident from occuring again.

Without knowing your email configuration (assuming webmail), standardize on a single service for all users. Anti-virus is your only method for combatting this unless you stand up a UTM box (Untangle, Astaro, etc.) or host your own email server and can subscribe to a service like Postini or Websense to scrub/filter your mail for you.

Hope that helps a bit. Like the other response, I would upgrade your two XP clients if possible, firewall if not. The Win2k8 server is not a concern. Just keep it patched. (patching and vulnerability scanning is a whole new topic that should be on your radar after looking at the above topics as well as a ton of other things, but this should help you get started alteast.)

Hope this helps.