April 25, 2016 at 3:21 pm #8869SobiParticipant
I was wondering if you could help me with general information how to secure a company network.
Our company works in very competetive enviroment and we are affraid that somebody could hack into our system and steal our private data. Next there are many evil viruses and ransomewares which are a real nightmare if they get into your company network…
We have some basic security policy, but I think that it is simply not enough. My problem is that I would like to change it but I dont how. I simply dont have enough experience and knowledge and thats why I would like to ask you.
We have around 18 computers, 5 mobile notebooks (connecting to the comp. network through VPN tunnel) and 13 fixed desktop computers. Next 2 servers. First is Windows server 2012 (Standard edition) with all the shared data and also company Information system. Second is Linux based mail server. And finally one NAS for backups and a firewall (Zywall usg 100). Here you can see that all the hardware I already have but I need a help what can I do with it.
Im aware of the basics such as Windows user accounts without installation rights, restricted access for users to the server folders through domain accounts, Firewall ACLs, DMZ for mail server and so on. My problem is that there are many viruses like keyloggers, ransomwares and remote access tools which can get to the network through emails or can be downloaded by mistake and I dont know how to protect agains them. Of course, the best way would be being cut off from the internet, but it is really not a solution which would help me.
I know that here are many professionals with years of experience that could help me with simple advice. I would like to create some concept of changes before I eventually start. Just for your info, I have IT university and I was working in IT security companies for 3 years, but I had there only very narrow focus on the topic and 3 years are not many.
Now to my concept what I was thinking of. I would like to restrict internet access as much as I could. Employees usually use internet only for searching information. So, I want to have one physical operating system to access the Information system, LAN and mail server, but with no internet access. And then one virtual OS (in Virtualbox) that would be in different vlan and which would have access to the internet. I know that it is very difficult for viruses to jump from virtual machine to physical. My problem is that there are employees who need to have connected information system (IS) and access to the internet e.g. in the accounts. They use predefined files generated in IS which are uploaded directly in the internet. And I dont know how to solve this.
Im sure there must exist some concepts/best practices that other companies use which would help me solve my issues and I would be very gratefull if you could share them with me. I dont expect any assays, I just need some basic steps what to do or links to some articles which are dealing with company security. Yes, I was looking for it, but i have to say I wasnt really succesfull, because didnt know what Im looking for… I hope I made myself clear.
Thank you very much for any advice. 🙂
June 23, 2016 at 10:41 am #54274SecurexParticipant
you can pm me. I’ll try to help
You must be logged in to reply to this topic.