Security Basics mailing list archives

Re: Securing a Local Network


From: webmaster <webmaster () play-by-mail de>
Date: Thu, 15 Apr 2004 11:20:43 +0200

Hi John,

Even if you have virus protection at the gateway, you still need it on the
clients. People use USB sticks, notebooks and things like that. Another problem
is the fact that gateway protection can't protect you against password-protected
email attachments. So the best way is a combination of both. If you want to save
money, give up file server protection.

I have got 2 other questions regarding your issue, which might be interesting
for you, too.

If I do not host my own services, is there an advantage to protecting my network
through a packet filter or even a stateful inspection firewall appliance? Or is
it enough to use NAT in combination with personal firewalls on every desktop?

If I use a firewall appliance, do I still need personal firewalls on the
desktops? I guess I do. One benefit is against internal attacks using tools like
SuperScan. Am I right? Other benefits?

Regards
Andreas

John Roberts wrote:

I started working as a sys admin at a small company (about 15 people) and
they are starting to think it's time to upgrade their network.  Right now
it's just 20 computers, running a mix of XP and 2000 on a local network,
sharing files, with almost no anti-virus and the only protection from the
outside world is the NAT that the routers perform.

I've tried to get them to upgrade to a domain, add a file server for backup,
get some office-wide virus protection and maybe even take our email in
house, but they've balked at the price to set up a legit Windows domain.  The
main goals are access control on the local network and virus / worm
protection.  I'm suggesting a Windows domain controller to enforce access
control and then a centralized anti-virus product.  Is this enough, and are
there other (easier, cheaper, more effective) ways to make sure that only
the people who need to can access the financial records, the computer people
can access all the computers when they need to, and some user who decides to
download a cute little program won't destroy the whole network with a virus?

Is a Linux domain controller a solution, considering everything else in
house is Windows?  Is an anti-virus solution at the gateway better than an
anti-virus solution on each desktop?  Basically, what's a good way to set up
a solid base of network security, which can then be expanded on?

John Roberts
