If you work for a large company, chances are you have a specialised IT department. In fact, many companies have several departments under this, looking after hardware, software, fault fixing and infrastructure. In many smaller businesses, though, IT tends to get delegated to a few people, or even to one person who just happens to be more IT literate than the rest. The problem is that even in a small organisation of a few people, running and configuring a corporate network can be extremely time consuming. As soon as that network is connected to the internet, the amount of work will rise exponentially with every client connected.
Take for example a friend of mine who is in one of those roles – he’s the ‘go-to’ IT guy although it’s not his main job. The business network consists of two servers, 16 connected PCs and a few laptops. It doesn’t sound like much, but on a typical day he’ll get support calls for hardware and software, problems with printing, a DDoS attack on the company’s file server (which appears to be being accessed remotely), plus the chief executive’s laptop is riddled with viruses because his daughter has been downloading pirated music on it. Any one of these issues could take hours to solve on its own, and even firefighting could take a whole department.
However, this or something similar is the reality facing many employees as they struggle to keep a network up and operational without the time and experience. It’s hardly surprising that if you go online you can find literally thousands of these networks easily accessible from the internet. They are used as illicit file repositories, as launchpads for DoS attacks, or are simply monitored and logged as a source of email and online bank accounts for identity thieves.
The easiest way to minimize the workload is, of course, not to connect the network to the internet. This, however, is easier said than done: cutting every user off from their internet fix at lunchtime is likely to prove unpopular. There are things you can do to reduce both the risk and the work involved in your network. For a start, ensure everything comes through a single point, a company proxy server; this allows you to control access and check for things like viruses centrally before they hit your network. Never have a host of computers directly connected to the internet; without some central control you’re at huge risk. Allowing access to the internet is one thing, but having a host of computers constantly streaming movies to their desktops is entirely different. There was much relief last month when the Netflix VPN ban was implemented, because it effectively blocked access from any commercially registered IP address.
However, you don’t need to rely on others to restrict access; a company proxy and firewall will give the administrator control. Once you have achieved this, you need to limit the power that any user has to modify these settings from their client. Don’t let users change browsers or bounce their connections through proxies and relays – they don’t need to do this. Most Windows PCs can be locked down centrally using Group Policy Objects and Internet Explorer settings. The more locked down the network and client, the safer it is and the less work it will be to administer.
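One way to check that the single-exit rule actually holds is to audit the firewall log for clients that reach the internet without going through the proxy. The script below is an added example, not part of the original article; the log format, the LAN range, the proxy address and the watched ports are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed layout for this sketch: one LAN, and one proxy that is the only
# host allowed to reach the internet on web ports.
LAN = ipaddress.ip_network("192.168.1.0/24")
PROXY = ipaddress.ip_address("192.168.1.2")
# Web ports plus ports commonly used by outside proxies and relays.
WATCHED_PORTS = {80, 443, 1080, 3128, 8080}

# Constructed firewall log lines (key=value style), not real traffic.
SAMPLE_LOG = """\
2024-05-01T12:00:01 ACCEPT SRC=192.168.1.2 DST=203.0.113.10 PROTO=TCP DPT=443
2024-05-01T12:00:03 ACCEPT SRC=192.168.1.23 DST=192.168.1.2 PROTO=TCP DPT=3128
2024-05-01T12:00:07 ACCEPT SRC=192.168.1.31 DST=198.51.100.7 PROTO=TCP DPT=8080
2024-05-01T12:00:09 ACCEPT SRC=192.168.1.31 DST=203.0.113.10 PROTO=TCP DPT=443
2024-05-01T12:00:12 DROP SRC=192.168.1.40 DST=203.0.113.99 PROTO=TCP DPT=80
2024-05-01T12:00:15 ACCEPT SRC=192.168.1.23 DST=198.51.100.53 PROTO=UDP DPT=53
garbled line that should be skipped
"""

LINE_RE = re.compile(
    r"^\S+ (?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$"
)

def find_proxy_bypass(log_text):
    """Return {client_ip: sorted [(dst, port, action), ...]} for LAN hosts
    other than the proxy that tried to reach the internet directly."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address
        if src not in LAN or src == PROXY or dst in LAN:
            continue  # the proxy itself, or purely internal traffic
        if int(m["dpt"]) in WATCHED_PORTS:
            hits[str(src)].add((str(dst), int(m["dpt"]), m["action"]))
    return {ip: sorted(conns) for ip, conns in hits.items()}

if __name__ == "__main__":
    print(find_proxy_bypass(SAMPLE_LOG))
```

An ACCEPT entry in the result means the firewall is letting a client out directly and the rule set needs tightening; a DROP entry means the block works but that client is still configured to go around the proxy.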