Advice please: How would you secure this network?

Giganews Newsgroups
Subject: Advice please: How would you secure this network?
Posted by:  Lynnex1138 (Lynnex11…
Date: Mon, 2 Mar 2009


I oversee a small (>150) network of PCs and a couple of Macs. We are a
non-profit health care facility that has clients in and out all day using the
computers. The majority of our computers are old, P4's some with 256k fo ram
running windows 2000 sp4.Most of our users log in with a common userid that
gives them very limited rights on the network however most of what they do is
surf the web and most of this is not business related but done for

We have alot of people who want to download music, look at porn, chat,
download and install programs like limewire and upload to file sharing sites.
When I started working here there was virtually no security or web filter in
place. We have the following:

The lowest level content filter from the sonic wall pro 2040
Symantec antivirus 10.0.1

Last fall we were blacklisted due to a trojan sending out emails. We scanned
all our machines and found several viruses not detected by our anti-virus
program. I am always finding various trojans on the network.

Right now, I have done the following:

    * enacted group policies to prevent downloads and installations
    * disabled floppy, cd-rom and usb drives
    * blocked all chat and instant messaging
    * Allow personal computers to access the network only under IT supervision
    * Blocked smtp on all machines except our mail server

I am testing websense as a content filter and hope to be able to use it so I
can block streaming video and a whole host of other stuff our old content
filter doesn't cover. I am also wondering if there are better anti-virus
programs for our network, like trend micro?

I am looking for suggestions as to how any of you would further secure this
network if it were up to you. Any and all suggestions and questions are
welcome as I am rather a novice when it comes to security.

thanks for any and all help!