Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 94
  • Last Modified:

How to configure a Win7 not internet-connected ?

We have some Win7 computers inside our LAN solely used for connecting to our internal file server to run a single application. They don't need to connect to Internet and don't have CD drive, etc for user to install anything.
My question is, how to configure these computers to isolate from Internet so no virus or hacker's threat at all?
0
Castlewood
Asked:
Castlewood
1 Solution
 
John HurstBusiness Consultant (Owner)Commented:
It might be easier to set up a VLAN for these machines and do not let the VLAN segment out to the internet.

This would allow you to connect them all at once for inevitable updating.

If on your LAN, manage the AV application from the server and that should handle virus protection.
0
 
tailoreddigitalCommented:
Set a static IP on those machines and block those IPs at the firewall.

You could still install software via a flash drive.
0
 
John HurstBusiness Consultant (Owner)Commented:
Static IP addressing is a pain the butt over the long term, so avoid a static IP solution if you can.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Brian PringleSystems Analyst II, SCM, ERPCommented:
If you just want to block the users from getting online, setup a fake proxy server address in the network settings or in Internet Explorer connection settings.  The computer will not be able to get online, but will have access to the rest of your network.
0
 
CastlewoodAuthor Commented:
Again, the goal is to prevent virus or hacker's threat from internet. Would blocking the users from reaching out to internet pretty much prevent the threat??
0
 
John HurstBusiness Consultant (Owner)Commented:
goal is to prevent virus or hacker's threat from internet.

Most people do not realize that antivirus is all rear guard action and users are never hapless victims.

So yes, keep users from accessing internet will help.

But that does not stop them from bringing a USB key from home (working at home) and plugging it into your network.

So even without internet, but sure to have server managed antivirus in place.
0
 
Brian PringleSystems Analyst II, SCM, ERPCommented:
Most "viruses" are actually trojans, adware, spyware, ransomware, and etc.  These don't usually get installed just by having a computer connected to a network.  Instead, it is almost always the fault of the user for them getting installed.  They browse the Web, click on things that they shouldn't click, and click "Yes" to the prompts to install it without thinking about what they are doing or the consequences.

If you have a good antivirus program installed, a firewall enabled, and prevent the users from getting on the Web, you will be fairly well protected.  However, as @John_hurst said above, you still need to worry about removable devices.  You can disable the USB ports in the BIOS, setup policies that prevent removable devices, and etc.  

The users are always the weakest link in security.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now