asked on Secure Web Browsing
I am looking for opinions and comments on what others are doing to secure their company networks while still allowing some form of web browsing by users. I am looking for a solution that will allow me to limit my networks exposure to malware/viruses from users browsing the internet. I have the standard safe guards in place such as local antivirus on client PC's, border firewall, web proxy, etc... However, I am looking to secure our network and web browsing further.
What is everyone else doing? i.e.: Only allowing whitelisted sites. Using two browsers, one for internal sites/whitelisted sites and a sandboxed virtual browser for all other browsing. Using two PC's homed to different networks (public & private).
Any feedback of ideas and product solutions that I can consider would be greatly appreciated.
What is everyone else doing? i.e.: Only allowing whitelisted sites. Using two browsers, one for internal sites/whitelisted sites and a sandboxed virtual browser for all other browsing. Using two PC's homed to different networks (public & private).
Any feedback of ideas and product solutions that I can consider would be greatly appreciated.
Network Security
Last Comment
McKnife
it sounds to me you've got to keep a pretty tight environment locked down, you have mentioned most of the technical implementations there are. I would add something like McAffe site adviser to it too. Another layer to add is keeping an end user information security program where users involved and aware that internet connections are possibly "monitored". I've had many instances where just involving the user community in ways of ppt presentations, emails, short videos, etc., give them confidence to look out and report any suspicious link or emails before they open it.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you for the replies. With the Win2012 R2 Remote Desktop Server solution would this server sit inside your network environment or in a DMZ off of your regular network environment. Also with the remote desktop can multiple users connect into it for browsing at the same time or would you need multiple servers for this?
The server would sit whereever you like. It needs to be joined to the domain and of course it needs to have contact to your DCs via standard ports (outgoing), while the rest of the network will only need access to the RDP port (incoming, usually 3389).
The performance hunger of browsing has to be considered high, so let's say if there will be 25 users actively using it at the same time with each one having some tabs open, you need at least a 12 Core CPU (calculate only 2-3 users per CPU-core if you want to be sure), with at least 16 GB of RAM (calculate about 500-1000MB per user, depending on usage scenarios).
So if you are talking big business, hundreds of users, of course you need more than one server (or one machine from the very high end).
The performance hunger of browsing has to be considered high, so let's say if there will be 25 users actively using it at the same time with each one having some tabs open, you need at least a 12 Core CPU (calculate only 2-3 users per CPU-core if you want to be sure), with at least 16 GB of RAM (calculate about 500-1000MB per user, depending on usage scenarios).
So if you are talking big business, hundreds of users, of course you need more than one server (or one machine from the very high end).
Will write more tomorrow.