Results 1 to 5 of 5

Thread: Ideal desktop Security/Hardening Solution?

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    5

    Question Ideal desktop Security/Hardening Solution?

    Looking to determine what other's are doing to secure desktops. Issues to be considered:

    Hardening end-user desktops on Windows 95b, Windows 98, Windows 2000 Pro, Windows XP.

    Security and enforcement applies to: Desktop policies either 1) Novell Zenworks, 2) Windows NT4 based domain or 3) Active Directory GPO's, 4) 3rd party solution. In addition, it must include automation and pushing of patches (we've purchased Patchlink for this effort) and it must also consist of some form of notification (NIDS, SYSlog, etc) if any compromises (virus/worm, etc) appear.

    Environment is dispersed. Main office has 500-600 desktops and we have over 350 remote sites with about 5-10 PC's each and 4 brand offices with 40-60 desktops. All told, we hover around 4000 devices.

    Any suggestions appreciated.

  2. #2
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    We use Novell here and it works fine. Manage all the servers through remote console....manage user ID's and Profiles through console one which is awesome...and push patches or virus scans through login scripts when they log into novell client. Novell Bordermanager for the firewall which we just upgraded...it all actually works pretty well. I never had experience with it before but since i got a job here its been awesome. Very few problems. As well as security, we havnet had any compromises. But one feature i like is the "Intruder Lockout" which if a person gets the login wrong 3 times in a row on a specific machine, it locks out that profile and the user has to notify an administrator to unlock it. It specifies the IP that the logins were being attempted at to see who was doin it and if it was the right person and so forth. We've been fightin this sobig worm and blaster worm for the last week or two and we havnet really had that many infections, we've just been forcin virus scan to run in the login scripts, so virtually anyone connected to the network obviously has been scanned and cleaned. Might wanna just give novell a peak and see what u think...not a bad networking client/admin pack.

  3. #3
    Junior Member
    Join Date
    Feb 2003
    Posts
    5
    We're already a mixed environment with 15+ NetWare 6 servers and 40+ Windows 2000/2003 servers. We're making the move away from eDirectory, Zen and GroupWise and going to Win2003, AD and Exchange due to integration issues with portal, mail, etc.

    We currently use McAfee on the desktops and push AV via EPO, but McAfee is crap and we're looking for a better way to 1) secure the desktop and 2) get notification if any events occur.

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    VirusScan7.0 from NAI is much better than their older netshield4.5 product. We run that in our environment with EPO managing the updating/scanning of the environment and we have very little issues with it. What we have also done is created 500 bogus entries at the beginning of our exchange directory so that if a virus starts to spread it will more than likely send an email to one of those lists. Once a virus comes into one of those lists it immediately sends a notification to our security/AV team to have somebody lock down that mailbox and work with the user. This works great for the mass mailing type virii. We have 150k+ devices on our network which is global, so being notified of every virus infection on the network really isn't something that is doable.

  5. #5
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    You can Lock down the 2k and XP machine through Group Policy on the 2k servers. There are many things that you can do in Group Policy to lock down these computers.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •