They all have shares on their tough drives utilizing CIFS/SMB!! I can centrally carry out it though, if i wish to. i think that is a safer choice too.
If you centrally carry out the shares you will additionally be equates to to do a unchanging malware scans of the files in a singular location. Aparate Foto best That would a time saver for you. It will guarantee higher accessibility of files to the finish user given the server is regularly on I pretence and if you have to take a complement offline due to infection the common files would still be available.
I do determine with what someone pronounced progressing about perplexing to close down the network, it might not be possibly and even after finished the threats might still begin possibly way. I think your most appropriate proceed is to secure the boxes, yield user recognition and if probable have a process in place to understanding with bad users.
I will go for the centralised option, and do you think i should muster squid and iptables too? Crispy. Thanks
Did you begin utilizing Untangle? It should have those facilities sort of facilities built in with a really accessible interface. Do you wish to carry out calm entrance in? I have messed with squid usually quickly total with dansguardian but it does begin really limiting but from the sounds of it the outward is not your greatest issue. No have a difference how you close own the network you will stay have the removable media threat.
There are additionally simpler options to have have have use of of of to filter Look in to OpenDNS. They have a free have have use of of where you implement a customer on a internal complement and set them as the DNS servers at the router level. At lets you carry out calm accessible by them and blocks the sites you confirm to be objectionable/unacceptable. The customer acts similar to a energetic dns customer keeping them updated to your WAN IP so it stays in sync with you. Then have certain the clients can"t shift their network settings.
Never did ask but where is this network? Work? A school?
I did begin utilizing interpretation and i think it"s really good, the usually complaint is that it can usually filter trade that is on opposite networks. Client is a videoer, Network is associated to that, customer usually paid for costly machines that needs to run Windows XP boxes since the module they have have have use of of of to run their module requires it. I have a feeling i should usually have 2 opposite networks and track usually the packets that i wish by to the alternative network. I can have have have use of of of interpretation as a router and to filter the traffics. I think that"s a great idea.
Not certain if that would work but it couldn"t hurt. Worst box unfolding you might have a little downtime but it would be elementary to tumble behind to the old network topology if needed. But I think securing/locking down the Windows machines might be the singular most appropriate thing you can do and we could plead that all day but this is the wrong for that.
Since this work associated can"t the employer have a little policies to forestall users from infecting their systems with removable media? Also may be a little user precision is in sequence to forestall malware issues? If they are bringing in putrescent drives that equates to they have putrescent home PCs so the precision could be done to see similar to you are essentially assisting them compromise their problems. Try to get them to implement antivirus module at home, there are copiousness of great free solutions avast, AVG, MS Security Essentials, etc.. Also see if the employer would be peaceful to squeeze a great AV resolution for the work systems too.
I could go all day but anyway. Hopefully this functions out for you.
Thanks again Crispy, i"ll try this choice for now, and we will additionally really have worker trainings, that is a must, i have discussed it with my customer per precision and AV solutions, he says i can do whatever i wish to guarantee the network and he is peaceful to invest. So hopefully we"ll be equates to to compromise this problem.
Can we call this solved or is that still up in the air?