[windows2000] Re: How to tighten up your network - suggestions
- From: Steve Snyder <kwajalein@xxxxxxxxx>
- To: windows2000@xxxxxxxxxxxxx
- Date: Wed, 25 Mar 2009 08:42:25 +1200
Disable usb drives (GPO)
remove cd-rom and floppy drives
password protect the bios
lock the cases
disallow access to local drives (GPO)
Don't allow to save from IE (GPO)
M$ Shared Desktop toolkit (like deep freeze but free and GPO friendly) -
can't stop them and can undo the damage with a reboot
Conversations with their parents about their actrivities should be a given.
Surely you make them sign an aaaceptable use policy before allowing them on?
Where I am many of those actions will get you canned, possibly arrested. We
don't allow usb drives, mcafee epo is set to delete a lot of extra stuff and
we're implementing mcafee hips. My citrix servers are locked down way more
than that of course.
On Wed, Mar 25, 2009 at 8:29 AM, Patrick <london31uk@xxxxxxxxx> wrote:
> Hi Jim,
>
> we currently have Symantec corperate and I will be looking to upgrade them
> to endpoint protection soon.
>
> The little buggers and just finding ways to be naughty, I dont mind the odd
> game, and some I will trun a blind eye, but when kids start trying to
> actively break in, then that is a different issue.
>
>
> Thanks
> Patrick
>
> ------------------------------
> *From:* Jim Kenzig http://thin.ms <jkenzig@xxxxxxxxx>
> *To:* windows2000@xxxxxxxxxxxxx
> *Sent:* Tuesday, March 24, 2009 5:45:04 PM
> *Subject:* [windows2000] Re: How to tighten up your network - suggestions
>
> Symantec Endpoint Protection comes to mind...
> http://www.symantec.com/business/products/newfeatures.jsp?pcid=pcat_security&pvid=endpt_prot_1
>
> Jim Kenzig
> Blog: http://www.techblink.com
> Twitter: http://twitter.com/kenzig
> Twitter: http://twitter.com/InternetPilot
>
>
> On Tue, Mar 24, 2009 at 12:42 PM, Patrick <london31uk@xxxxxxxxx> wrote:
>
>> Hi Guys,
>>
>> I have just been to one of my sites, and the kids are running rings around
>> my network administrator. Just wanting tips on what we can do to improve
>> security.
>>
>> Typical issues:
>>
>> 1: Smart kids running .exe files
>>
>> 2: kids creating shortcuts to restricted areas
>>
>> 3: Kids bringing in network scanning tools on usb sticks and running them
>> on the network
>>
>> 4: kids accessing games site thru usb sticks and hidden links
>>
>> 5: Kids embedding games in excel spreadsheets and powepoint presentaion,
>> Word documents etc.
>>
>>
>>
>> Just to name but a few.
>>
>> Windows 2003 R2
>>
>>
>> We currently have a web filtering software, which I am not sure is up to
>> the job.
>> We are implementing GPO's to prevent exe files from being run.
>> We are alos using WRSM to restrict what files can be saved on the users
>> home drive.
>>
>> I am just looking for other ways to discourage kids from trying to breach
>> what we have.
>>
>>
>>
>> Thanks
>>
>> Patrick
>>
>>
>
>
Other related posts:
