Blocking Office PC

[win2kseries]

I was just wondering how we can prevent our users from accessing Office
PC from home. I have tried myself by signing to this online company and
now I can access my work PC from home through internet. We have our own
VPN but not for everybody. For sure we can use firewall to block this
website, but all the users need to do is download that .exe from
another PC and then install it to host(work) PC and it's good to go.
Most our users are member of Local Admin for some reason.....

I am not a Firewall expert so any idea and input is a big help and
appreciated

 

[dinodod]

Well, audit your network and monitor the application for the ports it
uses. Or maybe a web site will have the information. Then deny it if
possible, making sure not to block other apps that might use the port.

You can always change the NTFS permissions to deny access to the
folder.

 

[dalawam]

yeah, but there are too many companies now that offer remote access. Is
there a way to block all of them

 

[Malke]

I was just wondering how we can prevent our users from accessing
Office PC from home. I have tried myself by signing to this online
company and now I can access my work PC from home through internet. We
have our own VPN but not for everybody. For sure we can use firewall
to block this website, but all the users need to do is download that
.exe from another PC and then install it to host(work) PC and it's
good to go. Most our users are member of Local Admin for some
reason.....

I am not a Firewall expert so any idea and input is a big help and
appreciated

The proper way to use a firewall is to deny everything except what
absolutely needs to be allowed. In a business, you need to couple the
technical end with a human resources policy covering computer and
network use with consequences for disobeying clearly set out.

Your last sentence is a big clue. Since this is a business, you really
should get a professional in to set you up properly. I'm not saying
this to hurt your feelings in any way, but from your post it is clear
that your business network is not properly secured. If you don't get an
effective, correctly-configured firewall in place and corporate
policies covering computer/network use, you are heading for disaster.
Think what would happen if all the computers on your network were
infected with a virus that destroyed all the data. How quickly could
you recover? Do you have backups and a disaster strategy?

Again, I'm not trying to be mean to you. My clients are home users and
small businesses and I know first-hand what can happen when a small
business has not been set up properly (not by me!) from a
security/recovery standpoint because I've had to go in and mop up. The
relatively small amount you spend on getting things done right will be
worth it in the long run.

Malke

 

[Leythos]

yeah, but there are too many companies now that offer remote access. Is
there a way to block all of them

Ask yourself not how to block them, but why you are allowing outbound to
non-business partners and approved sites. Workers don't need web access
most of the time, and then they only need approved sites.

If you don't want people to access services in public, either get a
better firewall setup, or start implementing the idea that Internet
access is a waste of company resources for most companies to provide to
their employees.

 

[Adam Leinss]

(e-mail address removed) wrote in

I was just wondering how we can prevent our users from accessing
Office PC from home. I have tried myself by signing to this online
company and now I can access my work PC from home through
internet. We have our own VPN but not for everybody. For sure we
can use firewall to block this website, but all the users need to
do is download that .exe from another PC and then install it to
host(work) PC and it's good to go. Most our users are member of
Local Admin for some reason.....

Easy, start taking them out of the local administrator's group. You
have more issues to worry about them being local administrators then
remote access issues to your boxes.

What does your IS Security Policy say?

Do you have one?

Does upper management support such policies?

Are there consequences to users loading unauthorized software?

What's funny is I heard an ad on XM Radio for gotomypc.com and they act
like loading their remote software on your office PC is ok.

Adam