RE: Securing a Local Network

["Henry, Christopher M." <chenry () radiologycorp com>]

In your case windows would the best way to go. All you would have to do
is set up an active directory controller and connect everyone to the
domain. Since you are short on  funds, you can also use it as a file
server and install something like Symantec corp. edition anti-virus on
it. If you do decided to bring your mail in house...you can have an
exchange/adc server and a separate file/anti-virus server. Once you
start to host your own services (ex. Mail, website, webamail...) you
will need sometype of a firewall or a better router.

Linux can function as a domain controller, but as much as I love linux,
I would have to recommend that you stay away from this option unless you
are an expert linux user. 




-----Original Message-----
From: John Roberts [mailto:roberts () tridecap com] 
Sent: Tuesday, April 13, 2004 1:17 PM
To: security-basics () securityfocus com
Subject: Securing a Local Network

I started working as a sys admin at a small company (about 15 people)
and they are starting to think it's time to upgrade their network.
Right now it's just 20 computers, running a mix of xp and 2000 on a
local network, sharing files, with almost no anti virus and the only
protection from the outside world is the NAT that the routers perform.  

I've tried to get the to upgrade to a domain, add a file server for
backup, get some office wide virus protection and maybe even take our
email in house, but they've balked at the price to setup a legit windows
domain.  The main goals are access control on the local network and
virus / worm protection.  I'm suggesting a Windows domain controller to
enforce access control and then an centralized anti-virus product.  Is
this enough, and are there other (easier, cheaper, more effective ways)
to make sure that only the people who need to can access the financial
records, the computer people can access the all computers when they need
to, and some user decides to download a cute little program won't
destroy the whole network with a virus.


Is a linux domain controller a solution, considering everything else in
house is windows?  Is an anti-virus solution at the gateway better than
an anti-virus solution on each desktop?  Basically, what's a good way to
set up a solid base of network security, which can then be expanded on?

John Roberts


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------