Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 99
  • Last Modified:

How to configure a Win7 not internet-connected ?

We have some Win7 computers inside our LAN solely used for connecting to our internal file server to run a single application. They don't need to connect to Internet and don't have CD drive, etc for user to install anything.
My question is, how to configure these computers to isolate from Internet so no virus or hacker's threat at all?
0
Castlewood
Asked:
Castlewood
1 Solution
 
JohnBusiness Consultant (Owner)Commented:
It might be easier to set up a VLAN for these machines and do not let the VLAN segment out to the internet.

This would allow you to connect them all at once for inevitable updating.

If on your LAN, manage the AV application from the server and that should handle virus protection.
0
 
tailoreddigitalCommented:
Set a static IP on those machines and block those IPs at the firewall.

You could still install software via a flash drive.
0
 
JohnBusiness Consultant (Owner)Commented:
Static IP addressing is a pain the butt over the long term, so avoid a static IP solution if you can.
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
Brian PringleSystems Analyst II, SCM, ERPCommented:
If you just want to block the users from getting online, setup a fake proxy server address in the network settings or in Internet Explorer connection settings.  The computer will not be able to get online, but will have access to the rest of your network.
0
 
CastlewoodAuthor Commented:
Again, the goal is to prevent virus or hacker's threat from internet. Would blocking the users from reaching out to internet pretty much prevent the threat??
0
 
JohnBusiness Consultant (Owner)Commented:
goal is to prevent virus or hacker's threat from internet.

Most people do not realize that antivirus is all rear guard action and users are never hapless victims.

So yes, keep users from accessing internet will help.

But that does not stop them from bringing a USB key from home (working at home) and plugging it into your network.

So even without internet, but sure to have server managed antivirus in place.
0
 
Brian PringleSystems Analyst II, SCM, ERPCommented:
Most "viruses" are actually trojans, adware, spyware, ransomware, and etc.  These don't usually get installed just by having a computer connected to a network.  Instead, it is almost always the fault of the user for them getting installed.  They browse the Web, click on things that they shouldn't click, and click "Yes" to the prompts to install it without thinking about what they are doing or the consequences.

If you have a good antivirus program installed, a firewall enabled, and prevent the users from getting on the Web, you will be fairly well protected.  However, as @John_hurst said above, you still need to worry about removable devices.  You can disable the USB ports in the BIOS, setup policies that prevent removable devices, and etc.  

The users are always the weakest link in security.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now