?
Solved

IT Security Issues

Posted on 2013-05-13
6
Medium Priority
?
222 Views
Last Modified: 2013-05-29
I would like to know if anyone has ever had to try to secure a network in which the users were very poorly educated.  I'm not talking rhetorically but realistically.  

I manage the network for a medium-sized, privately-owned manufacturing company.  That company hires the cheapest employees they can for their manufacturing positions.  Most of those employees are poorly educated (6th - 8th grade) and most of them speak Spanish, Vietnamese, or one of several African dialects.  I am struggling for a way to effectively communicate network security when I can barely communicate with these employees.  Management supports my efforts to tighten security up to but not including making an example of an offending employee.  As a result, I do seemingly endless counseling sessions where I see a lot of bobbing heads and hear a lot of affirmatives (in various languages) but see just as many blank stares.

If you have experience with this type of situation I would like to hear your recommendations.  Insights such as "fire the offenders", while reasonable, is not workable in our environment.
0
Comment
Question by:gspearman
  • 3
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
ienaxxx earned 600 total points
ID: 39161730
Very strong GPOs (like disable all removable storage and CD/DVD) and restricted internet browsing is not enough?

With GPOs you can even disable the single entries in the start menus and have a pc act more like a thin client... If you start looking at GPOs to block softwares and settings and you have users as they should be: only users of their computers, there should be no security issues...

The initial administrative effort will be truly big, but once done things are going to adjust by a single reasonable request at time.

So a proxy (like MS TMG 2010) that blocks all internet sites except work ones and GPOs will do the trick, IMHO.

HTH.
Bye!
0
 
LVL 17

Assisted Solution

by:surbabu140977
surbabu140977 earned 900 total points
ID: 39163119
Networks are only as secure as their weakest point.

windows domain--> strict policy--> no user rights--> usb's/dvd's locked up from setup--->no exe/program execution rights--->no driver installation rights---> enforcing proxy---> a standard firewall....... should do well.

In short, just open up what they require. Rest is blocked.
0
 

Author Comment

by:gspearman
ID: 39164613
Gotcha on the GPOs.  What about leaving a PC unlocked?  Secure that with a screensaver timeout?
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 17

Assisted Solution

by:surbabu140977
surbabu140977 earned 900 total points
ID: 39164661
Window's group policy will take care of locking. It can get locked after a predefined time of inactivity and users will not be able to control/change that.

If you configure group policies right,  it will let the user see and do what you want them to see and do.

Best,
0
 

Author Comment

by:gspearman
ID: 39164864
Any thoughts on the language barriers?  I've thought of having IT policies translated into the different dialects but the end users might not understand them, I couldn't translate them verbally, and HR wouldn't enforce them.
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39165793
No idea about that. It's a kind of dead end considering the literacy of the users........
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How does someone stay on the right and legal side of the hacking world?
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question