Avatar of IS_Team
IS_Team
Flag for United States of America asked on

Secure Web Browsing

I am looking for opinions and comments on what others are doing to secure their company networks while still allowing some form of web browsing by users.  I am looking for a solution that will allow me to limit my networks exposure to malware/viruses from users browsing the internet.  I have the standard safe guards in place such as local antivirus on client PC's, border firewall, web proxy, etc...  However, I am looking to secure our network and web browsing further.

What is everyone else doing?  i.e.:  Only allowing whitelisted sites.  Using two browsers, one for internal sites/whitelisted sites and a sandboxed virtual browser for all other browsing.  Using two PC's homed to different networks (public & private).

Any feedback of ideas and product solutions that I can consider would be greatly appreciated.
Network Security

Avatar of undefined
Last Comment
McKnife

8/22/2022 - Mon
McKnife

Look into the concept of using a remoteapp for browsing. I am tempted to say that this is the most secure solution there is.

Will write more tomorrow.
Jorge Diaz

it sounds to me you've got to keep a pretty tight environment locked down, you have mentioned most of the technical implementations there are. I would add something like McAffe site adviser to it too. Another layer to add is keeping an end user information security program where users involved and aware that internet connections are possibly "monitored". I've had many instances where just involving the user community in ways of ppt presentations, emails, short videos, etc., give them confidence to look out and report any suspicious link or emails before they open it.
ASKER CERTIFIED SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
IS_Team

ASKER
Thank you for the replies.  With the Win2012 R2 Remote Desktop Server solution would this server sit inside your network environment or in a DMZ off of your regular network environment.  Also with the remote desktop can multiple users connect into it for browsing at the same time or would you need multiple servers for this?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
McKnife

The server would sit whereever you like. It needs to be joined to the domain and of course it needs to have contact to your DCs via standard ports (outgoing), while the rest of the network will only need access to the RDP port (incoming, usually 3389).
The performance hunger of browsing has to be considered high, so let's say if there will be 25 users actively using it at the same time with each one having some tabs open, you need at least a 12 Core CPU (calculate only 2-3 users per CPU-core if you want to be sure), with at least 16 GB of RAM (calculate about 500-1000MB per user, depending on usage scenarios).

So if you are talking big business, hundreds of users, of course you need more than one server (or one machine from the very high end).