General discussion


Reduce internal browsing

By editor's response
Tell us what you think about Mike Mullins' suggestions for reducing internal browsing and preventing users from disconnecting from shared resources, as featured in the Dec. 4 Network Security e-newsletter. Do you have other suggestions that your IT peers may find useful?


While the tip is good

by LordInfidel In reply to Reduce internal browsing

When I build a new machine, I do not physically attach it to the network AT ALL until it is completed.

Once I have finished installing everything (programs, sp's, hf's) then I will deploy it on the netwk (i.e. join to the domain).

I follow the mindset of "until it's done and hardened, it does not get deployed".

While this is fine for netwks that do not use over the netwk installs, for those companies that use over the netwk installs, I recommend creating a segmented netwk that is not connected to either the net or the lan to install the machines on.

On a side note, all of the programs I install come from a known source that I created. I created a central location/repository for programs that only myself and my counterparts in the company can get to. From that location we do our installs. For the majority of small programs that we use (media players, real player, winzip, acrobat, hf's etc), we have an installation directory that contains all of those standard programs that are installed on each machine. From that directory we create a set-up cd so that we can install from the cd locally. Same with the hotfixes. They all get burned onto cd, then using a bat file and qchains, we install all the hotfixes at once.

While the reg hack is cool, properly installed permissions throughout the domain and on machines should prevent unwanted browsing by the casual user.

The NoNetDisconnect is useful for those users who "continuously" lose their netwk shares.


Good response

by Mike Mullins In reply to While the tip is good

I wholeheartedly agree with you. It doesn't go on the network until it's "hard". There's always someone on the network that likes to "look and see what's there" and modify their own connections. My real intent was to provide a method of stopping users from creating headaches.
"If there weren't any users, the network would run perfectly!"


I understood that part

by LordInfidel In reply to Good response

But unless you have AD installed to push out the reg hack, it might be a pain in the *** to do it for everyone.

Personally, I would reserve the browse issue for a restrictive set of machines. Like if I was setting up a "public" type network within my existing network. And I did not want that set of users to even see the other networks, but they had to be on the same subnet.

Or use it for that person who is trying to get into everything that they are not supposed to.

But like I said before, a properly secured network using restrictive permissions stops people dead in their tracks.