Solved

web browsing security on stand alone computers

Posted on 2013-02-01
8
349 Views
Last Modified: 2013-02-21
Have a location that has 5 standalone computers on 5 separate Comcast Bussiness Internet connections.  Separate front desks in different buidlings.

Several different receptionists and night security folks sit at the desks during any given day/night.  They are getting infected with junk, we are sure based on browsing bad places and doing things they should not be doing . They were setup with Microsoft Security Essential by the vendor but that is not enough.

Explorer is getting corrupted among other junk

They need to get to the internet as the product they use for front desk management and work orders,  tenant tracking etc is web based.

What products can you recommend to add to this mess that we can use to effectively block most bad sites from being surfed or block all but the vendors web site for the application they need?  I have told the boss taht no matter what the prodcut there has to be some oversight and managemetn of it.
0
Comment
Question by:to2007
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 5

Expert Comment

by:xperttech
ID: 38844494
to2007:

Let's start by describing your PCs. What OS are you running? Do users have admin-level access?
0
 

Author Comment

by:to2007
ID: 38844513
Windows 7 Pro 64 bit.   They have one user setup that all peopel log in as.  (that's they way they wanted it !)  They user has admin level access.
0
 
LVL 5

Expert Comment

by:xperttech
ID: 38844650
to2007,

Any way to convince the client to create a non-admin level user for day-to-day use?
They could have their admin user and know the password if they want, but they should refrain from using it for browsing the internet. This alone will help you protect the system and application areas from getting infected. The only piece that would get infected would be the user profile, but you could blow it and start over without having to re-install the PC.

If the above argument is not sufficient, then UAC "enabled" to as high as you can have it would also help. And, end-user education about not "clicking anything just 'because it has an OK button'" will go a long way.

Windows 7's User Access Control does a nice job at protecting even admins when it alerts a program needs elevated rights to run. At that point, if you did not mean to run "that attachment" or you did not mean to "just browse to that -nasty- site" that is trying to infect you; you can just brush it off by cancelling it at the UAC warning.

Microsoft Security Essentials and Defender, or any other respectable AV are rendered useless nowadays when people disable UAC and open/click-on undesired files/sites recklessly. After all, the user is giving it permission to run to which the AV is bypassed or overruled.

Hoe this helps!

-XT
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 150 total points
ID: 38844754
You can start with bitdefender

http://www.bitdefender.com/business/small-business-security.html#Features

Why do they need to have admin access for reporting things by web?
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:to2007
ID: 38844800
ok

all good info

but even if create a user that is not admin level  or if they are admin and set AC high, they can still go o sites and ignore warnings etc.  They have already been told not to use the comuter for personal browsing and still do.  We just don't have a way to trrack what person gets the computer infected and hacked etc.

I am really looking for i guess a good "parental control" prodcut to restrict web site access.  No shopping, no porno, no Facebook, no personal yahoo, msn, google email etc,    

in network environments we have used SOnicwall devices etc but that may be over kill in cost for eache of these indidivual standalaones to have their own SOnicwall device and subscription.  Heck maybe back to Nor6on 360 and parental conrols. Have never used it but assumeit can block sites.. We are i guesss wanting producto to say you can go to  www.buildinglink.com   and that is it!
0
 
LVL 5

Accepted Solution

by:
xperttech earned 350 total points
ID: 38844848
Like I said, there is no good AV that can prevent users from going to sites, or opening dangerous attachments.

As you point out, the other solution is to block sites and possibly certain attachments. This is more a policy based approach. Traditionally, you would configure a desktop firewall to block or prevent browsing, but there is a price: performance. The best way to handle this would be at the router/network level.

If you current router is not manageable or has not firewall/content-management features, then, what you need to do is insert a machine that does this for you.

The Parental Control solution is a local solution, like the desktop firewall I mentioned above. NetNanny (http://www.netnanny.com/features) is a well known one. But let me tell you. No solution is perfect without user involvement (education).

-XT
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 38845017
you can give the new tool from opendns a try umbrella:

http://www.umbrella.com/product-tour/

this is the feature list: http://www.umbrella.com/umbrella-security-features/

Especially:
security and web filtering
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 38845959
opendns has a lot of options that will make it easier for you.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now