PC - Mac small office network security

Posted:
in General Discussion edited January 2014
A friend tossed me this question annd I turn to you guys.



What is the best way to set up a small offcie system to make it as secure as possible on the net? This office gets about 150 e-mails a day and spendds lots of down time clearing viruses, etc.



I suggested using a Mac as the mail medium and primary Net computer. Any suggestions would be very helpful.

Comments

  • Reply 1 of 11
    Do they need to use PC's at all? Best bet would be to put the whole network on Macs.
  • Reply 2 of 11
    MarvinMarvin Posts: 14,209moderator
    Quote:
    Originally Posted by Bergermeister


    A friend tossed me this question annd I turn to you guys.



    What is the best way to set up a small offcie system to make it as secure as possible on the net? This office gets about 150 e-mails a day and spendds lots of down time clearing viruses, etc.



    I suggested using a Mac as the mail medium and primary Net computer. Any suggestions would be very helpful.



    I don't think that would help much. The Mac could still forward viruses on to a PC so you'd still need to do all the checking.



    You could block all domains and only allow generally secure ones. But those kind of measures affect clients at some time or another.
  • Reply 3 of 11
    Quote:
    Originally Posted by lakingsfn


    Do they need to use PC's at all? Best bet would be to put the whole network on Macs.



    I agree, however, sadly, Japan is a Windows world (Sony, Hitachi, Toshiba to name a few makers), and very little software for businesses (tax prep, accounting) is available for Mac. This office also seems to think PCs are cheap, even when they spend about 25% of their time off-line doing virus checks and other Windows activities.
  • Reply 4 of 11
    Quote:
    Originally Posted by Marvin


    I don't think that would help much. The Mac could still forward viruses on to a PC so you'd still need to do all the checking.



    You could block all domains and only allow generally secure ones. But those kind of measures affect clients at some time or another.



    Would a Mac with Symantec (ugh) installed not discover a Windows virus and be able to remove it?
  • Reply 5 of 11
    MarvinMarvin Posts: 14,209moderator
    Quote:
    Originally Posted by Bergermeister


    Would a Mac with Symantec (ugh) installed not discover a Windows virus and be able to remove it?



    Don't use Symantec with a Mac. But yes, a Mac virus scanner should be able to remove Windows viruses. What I was saying is that a PC could do the same thing and indeed may be more advantageous since Windows has a lot more selection in terms of virus scanning software.
  • Reply 6 of 11
    1. Get a router with a hardware firewall and connect all PCs through that.



    2. Install software firewalls (Ashampoo, ZoneAlarm, etc.) on each machine to block incoming/outgoing connections that are not from approved applications. XP SP2's built-in firewall is not enough.



    3. Install Firefox on each machine and set it as the default browser. Hide the IE icon from sight so people won't be tempted to use it. (This may or may not jive with web-based apps the company uses, however.)



    4. Setup a Linux mail server to intercept all incoming mail and scan it for viruses before routing it to employees. If they have a website, they can ask their webhost to do this for them and they'll be okay as long as they only use @companyname.com email addresses.



    5. Patch early, patch often. And don't forget to make frequent backups of important documents or they WILL be lost!
  • Reply 7 of 11
    Step 1: Router with hardware firewall with packet inspection.



    Step 2: Get a good virus protection software. That means no Symatec/ Mcafee which are crap. Something like AVAST! or Antivir.



    Step 3: Configure PCs such that users work in very limited user account and configure security policy on PCs such that users can not install anything and/or modify system prefs.



    There are other ways of doing it, but this is a simplest one that will be effective.
  • Reply 8 of 11
    chuckerchucker Posts: 5,089member
    1) Get a router.

    2) Get Windows Defender.

    3) Give your employees limited privileges.



    You're done.
  • Reply 9 of 11
    a_greera_greer Posts: 4,594member
    Quote:
    Originally Posted by Bergermeister


    A friend tossed me this question annd I turn to you guys.



    What is the best way to set up a small offcie system to make it as secure as possible on the net? This office gets about 150 e-mails a day and spendds lots of down time clearing viruses, etc.



    I suggested using a Mac as the mail medium and primary Net computer. Any suggestions would be very helpful.



    Put a gateway server** at the border running ClamAV real time scanning in linux. It isnt 100% but it will really help.





    **In this case the term server refers to the funvtion, not the form: any old desktop should work so long as it has ~256 mb ram, hell 128 or less if you are willing to build the kernal and stuff with something like Gentoo and strip out the code that you do not need...





    Or there are always tools like Barracuda Email firewall but that really is only good if the server in question is local.
  • Reply 10 of 11
    Thanks, guys. I will pass the knowledge along.
  • Reply 11 of 11
    Hi there,



    Definitelly, I don't see a problem with the company. Since I liked to play with unix, and had couple computers at home, I came up with the idea to setting up a hardware router on my own. How? Simple



    Here is an explanation.



    I had one very old 486.. I think 8-16ram. What I did, there is some free small Unix distribution called FreeSCO. This fits on one floppy disk. It is perfect. I used switch, plugged all computer to it, and set the old 486 computer as a gateway to internet. The main connection was plugged to the gateway. Hence, this was perfect protection.



    FreeSCO is tweaked, and first of all it is linux, no viruses and all the rest crap comes in. It is perfect filter. I removed all of my home anitvirus/firewall software. All works perfect, fine, without any mess. Try it, I really encourage.



    BTW. If you are not a *nix kind person, do not to worry. FreeSCO is almost already set up. Generally, you don't need to do anything.



    BTW2. The same solution you can get with any computer with linux system set as gateway. However, in this solution, I assume you will need to spend a little more time to set up rules etc. So ... you joice.



    FreeSCO is very convenient, and not taking a lot of time.



    BTW3. I also set on this 486 machine 40mb hdd... this hdd is even broken in half showing 80mb (who knows why???), but really it works great, and I can use full of its 40mb as my ssh server.



    I hope it helped.

    Cheers!

    Kris
Sign In or Register to comment.