Windows Network Security

[luismigilbert]

Hi, i need some help here pliz:

There is a a lan (100mbps) working as a workgroup. There is a Dell Server with Win2k Standard Server. A router wich is sharing Internet.. Mail is hosted by BRINKSTER.

there are 9 workstations - 1 server.. all of them have Windows OS´s.

I need to make my network saftier..

First thing i did: installed Mcafee Virus Scan Enterprise 80i everywhere (workstations and server) + Microsoft Antispyware...An Auto Update architect for Antivirus Dats have being installed too..

I´m thinking to install antispam on ever pc whith Outlook installed. For Internet permissions, i´ll migrate everything to a domain, so then i will be able to manage internet sharing... but i need a name for a software who i can install and stop messenger and stuff like that...

Any suggestions??

 

[Spike]

First, if you have a netwrok or you are paranoid enough, install a box on the network with win2003 server as a domain controller and set up your domain.

as for software to stop messenger - please clarify.

 

[luismigilbert]

ok... first, thanx for your response...

about network... there is one switch where every computer´s patch cord is plugged..on the same switch one router (that belongs to ISP) is connected to, so everyone can use Internet cause router´s DHCP y enabled...

i´m migrating to a domain for other reasons too... but i don´t know how to manage internet sharing... working in a domain, i can create some policies, so every computer who wants to use internet will have to go through my Internet Server (it´s going to be the same pdc)

But if anyone don´t log on the domain, but log with a local profile, then they´ll have Internet access, right?

remember that router is connected directly to my switch..

i want to take control to accessed web pages, block messenger... stuff like that... help!

 

[Spike]

You first need to find out more about setting up a domain based network and do it right - your options are limited only by the way you configure it, as is the question of "local accounts accessing the web".

This thread probably belongs in the Storage and Networking forum, and I'll leave it to someone more experienced to help you - I can only give generic advice on this issue.

 

[DelJo63]

I think you're saying

Internet -- public.router--domain.server--intranet.router--lan.systems

making everyone use a Proxy server (on the domain.server) will ensure total
control of inbound/outbound access, eg: if the proxy doesn't map to the
external, then there's no access at all!

You automatically kill external acces by not routing anything from the
lan-->domain-->public.router

any firewall on domain.server then protects all lan.systems in one configuration.

a good AV service then protects all inbound email too.

the lan.systems only need AV to protect from one another
eg:someone mounting a USB flash drive with a virus