Secure Web Browsing
I am looking for opinions and comments on what others are doing to secure their company networks while still allowing some form of web browsing by users. I am looking for a solution that will allow me to limit my networks exposure to malware/viruses from users browsing the internet. I have the standard safe guards in place such as local antivirus on client PC's, border firewall, web proxy, etc... However, I am looking to secure our network and web browsing further.
What is everyone else doing? i.e.: Only allowing whitelisted sites. Using two browsers, one for internal sites/whitelisted sites and a sandboxed virtual browser for all other browsing. Using two PC's homed to different networks (public & private).
Any feedback of ideas and product solutions that I can consider would be greatly appreciated.
What is everyone else doing? i.e.: Only allowing whitelisted sites. Using two browsers, one for internal sites/whitelisted sites and a sandboxed virtual browser for all other browsing. Using two PC's homed to different networks (public & private).
Any feedback of ideas and product solutions that I can consider would be greatly appreciated.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Look into the concept of using a remoteapp for browsing. I am tempted to say that this is the most secure solution there is.
Will write more tomorrow.
Will write more tomorrow.
it sounds to me you've got to keep a pretty tight environment locked down, you have mentioned most of the technical implementations there are. I would add something like McAffe site adviser to it too. Another layer to add is keeping an end user information security program where users involved and aware that internet connections are possibly "monitored". I've had many instances where just involving the user community in ways of ppt presentations, emails, short videos, etc., give them confidence to look out and report any suspicious link or emails before they open it.
Ok, back for more on remote controlled browsing ("ReCoBs")
We have a win2012 R2 Remote Desktop Server and it hosts chrome and IE11 as RemoteApps. The users can connect and those browsers are nearly as fast as if they were local - displaying HD videos inside the browser is possible.
At the server, we run Applocker to only allow these 2 browsers and their plugins to run - and nothing else. If a user comes across some virus that is not recognized by our AV software - nevermind. It will not run at the server because applocker won't let it. We have not had a virus for the last 12 years - and we are using that concept for about as long.
We have a win2012 R2 Remote Desktop Server and it hosts chrome and IE11 as RemoteApps. The users can connect and those browsers are nearly as fast as if they were local - displaying HD videos inside the browser is possible.
At the server, we run Applocker to only allow these 2 browsers and their plugins to run - and nothing else. If a user comes across some virus that is not recognized by our AV software - nevermind. It will not run at the server because applocker won't let it. We have not had a virus for the last 12 years - and we are using that concept for about as long.
Thank you for the replies. With the Win2012 R2 Remote Desktop Server solution would this server sit inside your network environment or in a DMZ off of your regular network environment. Also with the remote desktop can multiple users connect into it for browsing at the same time or would you need multiple servers for this?
The server would sit whereever you like. It needs to be joined to the domain and of course it needs to have contact to your DCs via standard ports (outgoing), while the rest of the network will only need access to the RDP port (incoming, usually 3389).
The performance hunger of browsing has to be considered high, so let's say if there will be 25 users actively using it at the same time with each one having some tabs open, you need at least a 12 Core CPU (calculate only 2-3 users per CPU-core if you want to be sure), with at least 16 GB of RAM (calculate about 500-1000MB per user, depending on usage scenarios).
So if you are talking big business, hundreds of users, of course you need more than one server (or one machine from the very high end).
The performance hunger of browsing has to be considered high, so let's say if there will be 25 users actively using it at the same time with each one having some tabs open, you need at least a 12 Core CPU (calculate only 2-3 users per CPU-core if you want to be sure), with at least 16 GB of RAM (calculate about 500-1000MB per user, depending on usage scenarios).
So if you are talking big business, hundreds of users, of course you need more than one server (or one machine from the very high end).
Premium Content
You need an Expert Office subscription to comment.Start Free Trial