Despite having in place a proxy (that blocks numerous categories of sites like
social networking, public email such as Gmail and Yahoo, shopping, video sites) plus
URL filtering by Proofpoint plus AV for emails, we are still getting ransomware
& phishing compromises. Education did not help.
In many cases, users click on attachments or links received via email.
So I suggest only 'commonly trusted' sites needed for work are permitted for
users to directly browse from their PCs but if they need to browse more or
do google search, they have to remote into a couple of 'dedicated PCs' to
browse the Internet : these few dedicated PCs will have hardening & possibly
IOCs (like those of OSSEC) & other protection but in the event of compromise,
it's only limited to these 'dedicated PCs'.
Drive sharing from these PCs to users' regular PCs (which users use to
access our internal systems) is prohibited, but file transfer is via, say,
TightVNC's file transfer method.
Q1:
What does anyone think of this? Is it effective to stop ransomware?
It will be cumbersome but I guess this sort of "reverse jump host" could stop
the spread of compromises, ransomware etc.
Q2:
Or users RDP to these dedicated PCs with encryption but with the local resources
options in RDP disabled, to further stop data leaks etc.
Q3:
If users download files, they will be made aware that files can be wiped
out in the event there's an infection; we'll need to reformat the PCs.
Q4:
Should these PCs join the AD/domain or just standalone to further help
stop any infection spread? I thought standalone is better.
Q5:
Is it more secure to create local accounts on these dedicated PCs or use
domain accounts (if integrated into AD)?
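For Q2, one way to make "local resources disabled" an enforced machine-wide policy on the dedicated browsing PCs rather than a per-user client setting is to set the Remote Desktop policy values that the "Device and Resource Redirection" and security Group Policy settings write. The script below is an added example, not part of the original post; it assumes a Windows host, an elevated PowerShell session, and that no later Group Policy refresh overwrites these values. Without `-Enforce` it only reports gaps.

```powershell
# Added example: audit, and optionally enforce, the Remote Desktop policy values
# that turn off client resource redirection (drives, clipboard, printers,
# COM/LPT, PnP devices) and require TLS + NLA + high encryption on a
# dedicated browsing PC. Assumes Windows and an elevated session.
param([switch]$Enforce)

$Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Setting name => required DWORD. The f* values are the GPO-backed redirection
# switches; the last three harden the RDP transport itself.
$Required = [ordered]@{
    fDisableCdm        = 1   # no drive redirection (blocks the "share my drive" leak path)
    fDisableClip       = 1   # no clipboard redirection
    fDisableCpm        = 1   # no printer redirection
    fDisableCcm        = 1   # no COM port redirection
    fDisableLPT        = 1   # no LPT port redirection
    fDisablePNPRedir   = 1   # no Plug and Play device redirection
    SecurityLayer      = 2   # TLS only
    UserAuthentication = 1   # Network Level Authentication required
    MinEncryptionLevel = 3   # "High" encryption level
}

if ($Enforce -and -not (Test-Path $Policy)) {
    New-Item -Path $Policy -Force | Out-Null
}

$Gaps = @()
foreach ($Name in $Required.Keys) {
    # A missing key or value reads as $null, which is reported as a gap.
    $Current = (Get-ItemProperty -Path $Policy -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($Current -ne $Required[$Name]) {
        $Gaps += [pscustomobject]@{ Setting = $Name; Current = $Current; Required = $Required[$Name] }
        if ($Enforce) {
            New-ItemProperty -Path $Policy -Name $Name -Value $Required[$Name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

if ($Gaps.Count -eq 0) {
    'All RDP redirection and transport settings are already hardened.'
} else {
    $Gaps | Format-Table -AutoSize
    if ($Enforce) { 'Values applied; they take effect for new RDP sessions.' }
}
```

Because these are policy values, a user's own .rdp file cannot re-enable drive or clipboard redirection against a host configured this way; file transfer then has to go through whatever separate, monitored channel (such as the VNC file transfer mentioned above) you choose to allow.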
developers can be your best asset and your worst nightmare
there are always ways to work around security
when someone says their PC is protected against any cyberattack, by simply not connecting it to the internet, i often ask if it's coffee proof ...
pouring a coffee into a system nearly always brings it down
what will you do next ... prohibit coffee ?
consider letting the worst people help you protect the system
even have them work with you for a day, they might see the light and what their actions cause