Network security help needed

XLeezardx

I work in a small private company of 20 employees. We have a small Dell server on a basic 24-port switch and a Linksys router. We are currently on a T-1 and our bandwidth is split for voice and data. Well... a couple of my co-workers are taking too much bandwidth and slowing the network down. They always get viruses and I have to constantly fix or format their PCs. I tried giving them guest privileges but they get pissed off and cry unfairness.

Anyways, I need a solution once and for all. I need to somehow limit their bandwidth or something of that sort. The company will not spend $$$ on another switch or a good firewall. Is there anything I can do to limit bandwidth on their PCs only? Some type of network setting to cap bandwidth, or some software I can install on their PCs?
 
Look at building Untangle with a machine, and maybe buy the AD connector so you can block users.
 
On the switch, can you be specific on what the port speed is? Turn them down to 10 Mb... if you really want to prove a point, 10 Mb half duplex.
 
Sounds like a few different things.

Maybe start off (if you have authorization) blocking social networking and media websites through ACLs, or even use OpenDNS.

I assume when you mentioned guest privs that you have a workgroup setup; time for a DC?

Education goes a long way; try setting up a company meeting to let people know the impact on your time and infrastructure that their habits cause. It might go a long way.
 
.....couple of my co-workers are taking too much bandwidth and is slowing the network down. They always get viruses and I have to constantly fix or format their PCs. I tried giving them guesT privileges but they get pissed off and cry unfairness.

:confused: They cry unfairness to who? :confused:
How about telling the boss/owner how much this is costing the company in lost productivity / loss of computer use to downtime / security risks to the company's employee, payroll, etc. data due to virus/spy/malware... costs associated with slower network operation... I can go on more if you need to.

I'd talk to the boss, explain the issues, and LOCK 'EM DOWN. They can suck it up and work. I'm sure they aren't getting viruses from the real work they are supposed to be doing.
 
If you have a spare computer and an extra NIC laying around, then it is time to install Untangle or Endian or ClarkConnect on there and get yourself a content filter and decent firewall. You can also set up QoS to prioritize certain types of traffic.
 
Yeah, all of the above...
If the company won't spend money, turn towards an open source distro like those mentioned above. I've had Untangle improve quite a few of my clients' networks.

Sounds like you need good antivirus protection on all the workstations too... what are you doing in that aspect?

And as mentioned above, bring this PROBLEM to the bosses. If your bosses are screaming about budget... well... the time it takes you to troubleshoot / back up data / wipe clean / reinstall / restore data... that is lost productivity of that person who was using that workstation. That employee is not sitting at their computer doing their work for the X amount of hours it takes you to redo their system (probably near 1 full day). Lost productivity is the same thing as throwing money out the window.

OpenDNS is another great free added layer of protection and control. Use that as your DNS servers in DHCP (if no Active Directory), or set it as your DC's DNS forwarders if you are using Active Directory. It helps block known malware sites from resolving, so you gain some protection there. And you can set up content filtering for FREE! To block sites like social networking sites and other crap that brings in malware.
 
Same as YeOlde...

You're the admin, right? Your company should have a network policy that all the users should sign. "Will not go to site a, b, c." or whatever.

$20 says bandwidth hogger is the boss :p
 
They get pissed off and cry? To who? If the bosses are siding with them, then good luck. Otherwise, a simple conversation with the bosses should suffice to get these guys locked down.

Guest accounts, OpenDNS and QoS.
 
Build a Smoothwall firewall. (Unlike Untangle) it's all free. Enable QoS and set it up, then bandwidth-throttle your crybabies. I think you can do it by MAC address or IP, don't remember for sure. All in all, I would make them stay as guests if they keep tearing up their machines. If they don't like it, too bad, they're at work. And if that doesn't help, you can always set up your own DNS, if you already have the server, and do redirects on all their goof sites like MySpace, Facebook, etc. There are a lot of ways to handle them. You could also block the ports they are using; if they are getting a lot of viruses, it sounds like P2P software there. But to make a long story short, there are a million ways to can their crap; it just matters which one you want to use.

Question: do you have Active Directory set up?
 