
PC Security



The recent Sasser virus crippled several of our machines last week. The numbers aren’t in yet but it probably cost us thousands of dollars in down time and repairs.

In one of our locations we’ve been using an application called Deep Freeze. When a machine is in a frozen state, no matter what you do to the machine, when it restarts the PC is restored. It’s a cool tool, and none of those machines had the virus (if they did they were rebooted so we didn’t know about it).

One of our overzealous network guys suggested to senior management that we should move our entire organization from Win 2K to Win XP, enable XP's firewall, install Deep Freeze on every PC and lock down the entire organization. The idea sounds good in theory, but I do have a couple of concerns:

Deep Freeze also has the ability to give users “thawed space”. Essentially this allows users to maintain their personal files in a folder that is not affected by the machine rebooting. To administer a machine with DF you have to reboot it into thawed mode, make changes, and reboot back into a frozen state. It does however have the ability to allow automatic maintenance scheduling for Windows updates, etc.

After reading my problem I would like to hear what you think. Putting WinXP on 500 machines is going to be a big project for us. We have a staff of 5 and a mix and match of Dell machines.

Is Deep Freeze the answer or are we asking for more problems?

Is there another way of doing this?



R u guys running any type of Firewall?? Cause that has stopped the virus from comin in for us. We also run Symantec Corporate and it does the job every time. It detects all viruses since it updates every few days and if an email comes in to one of the workstations, the user gets a warning when he/she tries to open the contaminated email. Symantec automatically quarantines the virus and all the user has to do is delete the email. I don't think that u guys would have to do all that just to prevent viruses, but a few more pieces of software that will protect u guys will be better. A hefty firewall, and a hefty AV would be ok in my opinion.


Never put important information on a computer.

If you do, never plug it in.

If you plug it in, don't turn it on.

If you turn it on, all bets are off...

The ONLY means to real security is a standalone hardware firewall which requires you to disconnect it from network to configure it.

One that does Stateful Packet Inspection and drops "bad" packets on the floor...

Any software firewall that can be installed by you the user can also be uninstalled by a clever hacker...


  • 2 weeks later...
R u guys running any type of Firewall?? Cause that has stopped the virus from comin in for us. We also run Symantec Corporate and it does the job every time. It detects all viruses since it updates every few days and if an email comes in to one of the workstations, the user gets a warning when he/she tries to open the contaminated email. Symantec automatically quarantines the virus and all the user has to do is delete the email. I don't think that u guys would have to do all that just to prevent viruses, but a few more pieces of software that will protect u guys will be better. A hefty firewall, and a hefty AV would be ok in my opinion.

funny thing is, at my work sasser didn't cause any problems, until about 3 weeks after the s*** hit the fan. Then somebody, who was on holiday, brought their laptop into work, clicked in their cable and bamm almost the whole of the company went PLOP!!!!.

the funniest thing I've ever seen was the network admin running around like a blue arse fly trying to stop this thing.. BAAAAAAAAAAAAAAAAAAAAHHHH serves him right for not updating the machines when it first hit :)


Never put important information on a computer.

If you do, never plug it in.

If you plug it in, don't turn it on.

If you turn it on, all bets are off...

The ONLY means to real security is a standalone hardware firewall which requires you to disconnect it from network to configure it.

One that does Stateful Packet Inspection and drops "bad" packets on the floor...

Any software firewall that can be installed by you the user can also be uninstalled by a clever hacker...

lol Marsden you are so right. However, you have missed the two most important solutions

Switch off the internet

lock it in a room and throw away the key.


  • 1 month later...
One of our overzealous network guys suggested to senior management that we should move our entire organization from Win 2K to Win XP..

how exactly would that help any future virus outbreaks?


LOL

Shouldn't laugh.... But what difference would the OS make to the Virus?

If you don't update the virus definitions then you are asking for trouble.

The best option is to set up a hardware firewall between the outside world and your network, then have a pc routing with a firewall on it and of course an up to date virus scanner. This works for us, we have had attempts on our network, but none successful, even my colleague tried accessing the internal network and couldn't, so the boss was very happy!

We use McAfee Virusscan 7 Enterprise, the server also downloads the virus definitions for the whole network.

But hackers are always looking for a challenge.....

:)


Definitely put in a firewall. That will cover scans and direct attacks. Then, install antivirus software. I recommend having an antivirus server and each PC on the network has the client software installed on it. Also, filter email attachments. Don't let attachments with certain extensions get through. That frees up a lot of resources on the antivirus system. Another step in security is to manage your IPs. And a simple thing is to put in place policies that let users know that they cannot connect personal equipment to the network. People will feel dumb if they are told not to do something and do it anyway and then get put up on a pedestal in front of the entire office :) . You can even put together some Cyber Security Training for users. The biggest threat is an uneducated user.

Hope this helps.

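An added example, not part of any post in this thread: one way to implement the "don't let attachments with certain extensions get through" advice at a mail gateway. The blocklist, function names and sample addresses are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist for illustration; set it from your own mail policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}


def blocked_extension(filename):
    """Return the blocked extension carried by filename, or None."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    # Only the final extension decides how the file is opened, which is
    # why "invoice.pdf.exe" must be judged as .exe and not as .pdf.
    _, dot, ext = name.rpartition(".")
    if dot and "." + ext in BLOCKED_EXTENSIONS:
        return "." + ext
    return None


def filter_message(raw_bytes):
    """Return (verdict, findings) for one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # walk() visits every MIME part, including nested multiparts.
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 encoded names
        if filename and blocked_extension(filename):
            findings.append((filename, blocked_extension(filename)))
    return ("quarantine" if findings else "deliver"), findings


def build_sample(attachment_name):
    """Constructed sample message; addresses and content are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("report.pdf", "invoice.pdf.exe"):
        print(name, filter_message(build_sample(name)))
```

An extension check only looks at the declared filename, so it complements the antivirus scanning mentioned in the thread and does not replace it.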

One of our overzealous network guys suggested to senior management that we should move our entire organization from Win 2K to Win XP..

how exactly would that help any future virus outbreaks?

Actually it might make it worse. The viruses & worms of today are tailor made for 2k, xp & 2k3.


  • 2 weeks later...

Put in a perimeter firewall to stop inbound attacks. As I just wrote in another post, ipcop is excellent, and free. Check out www.ipcop.org

Put in a network version A/v. Have the server poll the vendor every 30 minutes, and get any updates. The systems are then configured to poll the server for updates every 40 minutes [or whatever]

If you're serious, put firewalls on each pc too - using software firewall, like kerio or zonealarm or whatever.

Get rid of Outlook, Outlook Express and Internet Explorer, and, combined with the above, you're pretty well covered.

Also, consider putting in a SUS server, and automate windows update to that server.

The only pain in the a** aspect to all of that is that the personal firewalls on the PCs will take some time to bed down....

Forgot to mention - run an a/v scanner over your emails as they're coming in - so if an email is infected, it doesn't get delivered.

Cheers,

PHB.

