RE: Securing a Local Network

From: Henry, Christopher M. (chenry_at_radiologycorp.com)
Date: 04/14/04

  • Next message: Jon S.: "List of Questions for InfoSec Business Development (Experts Please Review)" 
    Date: Wed, 14 Apr 2004 15:30:05 -0400
To: "John Roberts" <roberts@tridecap.com>, <security-basics@securityfocus.com>

    In your case windows would the best way to go. All you would have to do
    is set up an active directory controller and connect everyone to the
    domain. Since you are short on funds, you can also use it as a file
    server and install something like Symantec corp. edition anti-virus on
    it. If you do decided to bring your mail in house...you can have an
    exchange/adc server and a separate file/anti-virus server. Once you
    start to host your own services (ex. Mail, website, webamail...) you
    will need sometype of a firewall or a better router.

    Linux can function as a domain controller, but as much as I love linux,
    I would have to recommend that you stay away from this option unless you
    are an expert linux user.

    -----Original Message-----
    From: John Roberts [mailto:roberts@tridecap.com]
    Sent: Tuesday, April 13, 2004 1:17 PM
    To: security-basics@securityfocus.com
    Subject: Securing a Local Network

    I started working as a sys admin at a small company (about 15 people)
    and they are starting to think it's time to upgrade their network.
    Right now it's just 20 computers, running a mix of xp and 2000 on a
    local network, sharing files, with almost no anti virus and the only
    protection from the outside world is the NAT that the routers perform.

    I've tried to get the to upgrade to a domain, add a file server for
    backup, get some office wide virus protection and maybe even take our
    email in house, but they've balked at the price to setup a legit windows
    domain. The main goals are access control on the local network and
    virus / worm protection. I'm suggesting a Windows domain controller to
    enforce access control and then an centralized anti-virus product. Is
    this enough, and are there other (easier, cheaper, more effective ways)
    to make sure that only the people who need to can access the financial
    records, the computer people can access the all computers when they need
    to, and some user decides to download a cute little program won't
    destroy the whole network with a virus.

    Is a linux domain controller a solution, considering everything else in
    house is windows? Is an anti-virus solution at the gateway better than
    an anti-virus solution on each desktop? Basically, what's a good way to
    set up a solid base of network security, which can then be expanded on?

    John Roberts

    ------------------------------------------------------------------------ 

    ---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
  • Next message: Jon S.: "List of Questions for InfoSec Business Development (Experts Please Review)"

    Relevant Pages

    • New ASP.NET Project on Windows Server 2003
      ... VS.NET 2003 on a Windows Server 2003 domain controller. ...
      (microsoft.public.vsnet.general)
    • Re: Creating an app that runs as admin
      ... The different Windows versions are all ... The installations are generic, being supposed to work ... home, business without domain controller, business with domain ... controller), which would adjust the set of services to be run. ...
      (microsoft.public.vb.general.discussion)
    • User ID Setup
      ... I have some questions about setting up UserIDs in Windows XP Pro ... I am going to be using a Windows 2003 Domain Controller. ... as Administrator and the changes are accepted, but it still shows those goofy ...
      (microsoft.public.windowsxp.network_web)
    • Server 2003: Unable to DCPROMO the 2003 server
      ... I am trying to DCPROMO a Windows SErver 2003 to a domin controller. ... unable to convert the computer account MACHINE$ to a domain controller ... a Policies folder, but no GPO. ...
      (microsoft.public.windows.server.setup)
    • Windows 2003 Small Business Server
      ... I have a server Windows 2003 Small Business Edition as domain controller running global catalog, DNS, DHCP, File and Print sharing etc. on my local network. ...
      (microsoft.public.windows.server.general)