Despite having a proxy in place (which blocks numerous categories of sites such as
social networking, public email like Gmail and Yahoo, shopping, and video sites), plus
URL filtering by Proofpoint, plus AV for email, we are still getting ransomware
and phishing compromises. Education did not help.
In many cases, users click on attachments or links received via email.
So I suggest that only the 'commonly trusted' sites needed for work are permitted for
users to browse directly from their PCs, but if they need to browse more widely or
do a Google search, they have to remote into a couple of 'dedicated PCs' to
browse the Internet. These few dedicated PCs will have hardening and possibly
IOCs (like those of OSSEC) and other protection, but in the event of compromise,
it is limited to these 'dedicated PCs' only.
Drive sharing from these PCs to the users' regular PCs (which users use to
access our internal systems) is prohibited, but file transfer is possible via, say,
TightVNC's file-transfer feature.
What does anyone think of this? Is it effective at stopping ransomware?
It will be cumbersome, but I guess this sort of "reverse jump host" could stop
the spread of compromises, ransomware, etc.
Or users RDP to these dedicated PCs with encryption but with the local-resources
options in RDP disabled, to further stop data leaks, etc.
If users download files, they will be made aware that the files can be wiped
out in the event of an infection, since we will need to reformat the PCs.
Should these PCs join the AD domain or stay standalone to further help
stop any infection from spreading? I thought standalone is better.
Is it more secure to create local accounts on these dedicated PCs or to use
domain accounts (if they are integrated into AD)?