|
|
||||||
|
||||||
| Index Link To US Private Messages Archive FAQ RSS | ||||||
| Internet Security Discussion Forum This forum is for the discussion of security related issues. If you find a new Phishing scheme, spyware, virus or malicious site - let us know about it. If any of the above found you... here's where you ask for help. |
Share Thread: & Tags
|
||||
|
![]() |
|
|
LinkBack | Thread Tools | Display Modes |
|
||||
|
Having AV software on a network is only a small part of protecting it. One of the main problems facing any business, with a network and employee's, is stopping viruses and malware at the employee level. Unfortunately employee's still download those lovely programs with malware attached to them, and they still open attachments.
I'm curious as to how many members have a policy in place addressing this issue and how you "police" your employee's? Is disciplinary action taken if a malware infested program or virus is discovered on an employee's computer? What have you found to be most effective? Do employee's have access to training on the matter of security? With virus creation and quicker releases of new versions security is more of an issue now than it once was - and growing rapidly. There are many companies who are not taking it as seriously as they should because of lack of information or mis-information. There are companies who do take it seriously, thankfully, but even they fall short in area's. Having an AV program is not the solution it's only a drop in the bucket. I rant about this all the time, I know :) I am really curious to see the responses - so I'll go sit down and be quiet. :)
__________________
Forum Rules "Cat washing IS a martial art." "Remember Today IS Yesterdays Tomorrow" |
|
||||
|
As harsh as it gets.
Anyone caught using a windows machine on the internet is fired. They are for testing and internal use only, all internet activity must be done with Linux.
__________________
Irony: That for most people the most "trusted" web site on the planet is for a company the has been convicted of criminal activity. Both Security and SuSe start with "S". www.oldslides.com |
|
||||
|
Considering security threats these days, I do not think that is to harsh. If more companies would incorporate that - sys admins would breath a bit easier I'm sure.
There's just not enough education or implementation going on and it's sad. The threat is getting worse and unless steps are taken....people better cross their fingers that all back-ups are done previous to infection.
__________________
Forum Rules "Cat washing IS a martial art." "Remember Today IS Yesterdays Tomorrow" |
|
||||
|
I retired a few years ago but the policy was never as strict as some of your replies. I worked in a large company in Silicon Valley for about 10 years and nobody was ever penalized for using the internet.
I actually think our IT department enjoyed it when a computer got infected. That let them get new virus info. Our computer network (a few hundred or more PCs) was constantly updated with McAfee Virus protection nearly daily. I don't know of anyone in our company with a computer that was down for more than a few hours.
__________________
StuW http://www.bowiewebdesign.com - cutting edge web development where visions become reality. http://www.spwwebwork.com - affordable original web design. |
|
||||
|
Hi,
I have setup small neotwork of 25 machines in our office... I have done following things to stop users from downloading virus or spyware files.. 1. blocked download of exe,msi files 2. virus check of all the mails on mail server 3. allowed only certain files as mail attachments 4. I have blocked all the ports except some standard ones like 21,80,22... infact our firewall does support scanning of web pages for virus also but i have disabled this feature for the time being... I think if you are on Windows server then I would suggest using Kerio Winroute Firewall and applying rules..and for mails MDaemon is very good you can even setup Active Directory and block access to running unknown files on user machines using Group Policies... for linux machine Squid or Safe Squid (very impressive) and for mail server qmail or sendmail.... Regards Deep
__________________
Deep Ganatra Gifts to India - Cisco Certification Training - CSS Based Website Design |
|
|||
|
Haha, Deep13, you beat me to it.
GPE is basically pretty simple to set almost anything on a Windows network, or single workstation or user basis: http://www.theeldergeek.com/gp05.htm http://support.microsoft.com/kb/307882/EN-US/ |
|
||||
|
Quote:
__________________
Irony: That for most people the most "trusted" web site on the planet is for a company the has been convicted of criminal activity. Both Security and SuSe start with "S". www.oldslides.com |
|
|||
|
Employee education is the key to security. The computer is a tool an employee uses in the process of their job.
If they cannot use and maintain it properly the are not qualified for the job. Would you hire a driver if the didn't have a drivers license? Excessive restrictions like limiting downloads and access only emphasizes the employees incompetance. For all of the money spent on antivirus software and appliances, I think a properly developed and implemented training program can be far more beneficial than the typical bandaids and wheel spinning. "Social engineering" is so successful from the outside because companies fail with positive "social engineering" internally. |
![]() |
|
| Thread Tools | |
| Display Modes | |
|
|
|
WebProWorld |
Advertise |
Contact Us |
About |
Forum Rules |
MVP's |
Archive |
Newsletter Archive |
Top |
WebProNews
WebProWorld is an iEntry, Inc. ® site - © 2009 All Rights Reserved Privacy Policy and Legal iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 |