Solved

How to configure a Win7 not internet-connected ?

Posted on 2015-01-22
7
77 Views
Last Modified: 2015-02-02
We have some Win7 computers inside our LAN solely used for connecting to our internal file server to run a single application. They don't need to connect to Internet and don't have CD drive, etc for user to install anything.
My question is, how to configure these computers to isolate from Internet so no virus or hacker's threat at all?
0
Comment
Question by:Castlewood
7 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 40565628
It might be easier to set up a VLAN for these machines and do not let the VLAN segment out to the internet.

This would allow you to connect them all at once for inevitable updating.

If on your LAN, manage the AV application from the server and that should handle virus protection.
0
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 40565630
Set a static IP on those machines and block those IPs at the firewall.

You could still install software via a flash drive.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40565634
Static IP addressing is a pain the butt over the long term, so avoid a static IP solution if you can.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Accepted Solution

by:
Brian Pringle earned 500 total points
ID: 40565666
If you just want to block the users from getting online, setup a fake proxy server address in the network settings or in Internet Explorer connection settings.  The computer will not be able to get online, but will have access to the rest of your network.
0
 

Author Comment

by:Castlewood
ID: 40565723
Again, the goal is to prevent virus or hacker's threat from internet. Would blocking the users from reaching out to internet pretty much prevent the threat??
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40565732
goal is to prevent virus or hacker's threat from internet.

Most people do not realize that antivirus is all rear guard action and users are never hapless victims.

So yes, keep users from accessing internet will help.

But that does not stop them from bringing a USB key from home (working at home) and plugging it into your network.

So even without internet, but sure to have server managed antivirus in place.
0
 
LVL 16

Expert Comment

by:Brian Pringle
ID: 40568280
Most "viruses" are actually trojans, adware, spyware, ransomware, and etc.  These don't usually get installed just by having a computer connected to a network.  Instead, it is almost always the fault of the user for them getting installed.  They browse the Web, click on things that they shouldn't click, and click "Yes" to the prompts to install it without thinking about what they are doing or the consequences.

If you have a good antivirus program installed, a firewall enabled, and prevent the users from getting on the Web, you will be fairly well protected.  However, as @John_hurst said above, you still need to worry about removable devices.  You can disable the USB ports in the BIOS, setup policies that prevent removable devices, and etc.  

The users are always the weakest link in security.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Gmail Account risks 4 78
Sharepoint: Renewing mapped drive connection automatically? 5 32
Class object 2 26
PC not downloading updates 9 44
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now