Team OS : Your Only Destination To Custom OS !!

Welcome to TeamOS Community, Register or Login to the Community to Download Torrents, Get Access to Shoutbox, Post Replies, Use Search Engine and many more features. Register Today!

Locked Improve my network safety

Status
Not open for further replies.
Downloaded
89.9 GB
Uploaded
57.1 GB
Ratio
0.63
Seedbonus
8,613
Upload Count
0 (0)
Member for 6 years
Hi,

I need some help about my security. I want yours opinion :)

Today i use a VM (Pfsense) in my Windows Server 2016 as Firewall. Windows is updated. I'm using Symantec Endpoint Protection as Antivirus and Kaspersky Anti-Ransomware Tool for Business against Ramsonware attack.

None of this is "lincensed".

My network have: 1 Windows Server 2016 as DC and File Server. VM with Pfsense Firewall and a VM with Windows 10 Pro to remote access users by RDP and 20 users locally.

What i can do to Upgrade my security level?

Tnks you all.
 

Hawkeye

Uploader
✅ Verified Member
Member
Downloaded
31.7 GB
Uploaded
23.6 TB
Ratio
763
Seedbonus
200,331
Upload Count
216 (218)
Member for 7 years


give this a look
 
Downloaded
89.9 GB
Uploaded
57.1 GB
Ratio
0.63
Seedbonus
8,613
Upload Count
0 (0)
Member for 6 years
 

Wizzie2k

Member
Downloaded
206.8 GB
Uploaded
118.2 TB
Ratio
585.06
Seedbonus
2,285,052
Upload Count
0 (0)
Member for 5 years
Hi William,

how are the remote users connecting to the local network? VPN or?
 
Downloaded
89.9 GB
Uploaded
57.1 GB
Ratio
0.63
Seedbonus
8,613
Upload Count
0 (0)
Member for 6 years
no VPN for now....that is one of chance i will setup soon.
 

Wizzie2k

Member
Downloaded
206.8 GB
Uploaded
118.2 TB
Ratio
585.06
Seedbonus
2,285,052
Upload Count
0 (0)
Member for 5 years
With remote users it's important to secure how they connect to the local network. As You are using PfSense as Your firewall, you have all the tools You need.
Do a Google search for 'pfsense blog andreev and You will find a step-by-step guide, if needed how to do it. Good luck my friend and post Your progress!!
 
Last edited by a moderator:

vdogeek

🤴 Super Admin
Uploader
Downloaded
93.5 GB
Uploaded
56.4 TB
Ratio
617.64
Seedbonus
8,217,087
Upload Count
1199 (1205)
Member for 9 years
@Wizzie2k , in your post there is a hidden link, that is what the team does not want to see here, you need to watch for that, i'll remove the link.
 

Wizzie2k

Member
Downloaded
206.8 GB
Uploaded
118.2 TB
Ratio
585.06
Seedbonus
2,285,052
Upload Count
0 (0)
Member for 5 years
@Wizzie2k , in your post there is a hidden link, that is what the team does not want to see here, you need to watch for that, i'll remove the link.

OK:worried: Where was the hidden link? I did definitly insert any link in the post. Is it created in some way by the system or? Please explain so I know and understand...
 

vdogeek

🤴 Super Admin
Uploader
Downloaded
93.5 GB
Uploaded
56.4 TB
Ratio
617.64
Seedbonus
8,217,087
Upload Count
1199 (1205)
Member for 9 years
OK:worried: Where was the hidden link? Just so I know and understand...
It was embedded in this word... andreev
 
Downloaded
89.9 GB
Uploaded
57.1 GB
Ratio
0.63
Seedbonus
8,613
Upload Count
0 (0)
Member for 6 years
Thks everyone...
 

User-Qwert

Member
Downloaded
345.6 GB
Uploaded
428.9 GB
Ratio
1.24
Seedbonus
80,595
Upload Count
0 (0)
Member for 6 years
You seem to be an Sys Admin. When you use Microsoft's Products like Server with a Domain Controller, RDP, VM security also consists of security concepts [policies] created by you for your work "flow", not only software apps.
Read about:
Group Policy Administrative Templates Catalog [getadmx dot com] - understand what are Administrative Template.
Microsoft®Update Catalog
Microsoft Best Practices for different services like Active Directory. [best practices are guidelines that are considered the ideal way, under typical circumstances, to configure a server as defined by experts. ]
Microsoft Security Compliance Toolkit
Download and Install Best Practices Analyzer
See the "needs" of your clients and fulfill those needs by services like VPN as a protection layer to RDP, par example.
Don't forget about hosts file on every device and you can block there many, many domains that are reported al mallware / "Danger"ware.
There are many tutorials and modules for the "new" open sourced Micrtosoft's Powershell for SysAdmins / DevOps .
Make your own logical map regarding permissions. What I mean by that ? What User/Admin should access only what folders ?
You can have Users / Admins with several layers of permisions on a logical idea. Example Starting from Level 4 where "places" to have access are few till Level 0 - total access.
You must construct you "policies" | "best practices". No software is reliable to zero-day vulnerabilities. Usually if you noticed, the most known events of damage caused by malware [example: one that encrypts documents and ask for money to decrypt] occurred around not known yet or recently discovered vulnerabilities. Your last defense are these policies. If a user is infected he will "spread" the virus only where he can "touch" depending on his permission level set by you.
While infected you can monitor to what IP's [domains] is communicating and you can block that. Having ready [bash / batch / python / powershell] script's that do stuff is a plus. Like adding a line in hosts to all users pc's to block the virus communicating with outside, or adding in Pfsense a lne in iptables or what service you use to block what you can.

I see you use PFSense. There are Linux Distros as DC [plus samba and other services] working well with Postfix mail servers.

Think about custom ports like instead using 3389 [default for rdp] implement and document a custom port picked by you. This is just one idea, concept from millions out there. Google: "Change the listening port for Remote Desktop on your computer" and you'll find Microsoft's guide on how to do that.
On Linux side I won't even write about it. Lot's of things.

Well, good luck mate. [I'm not from Australia [but from Romania] but sounds nice]
 
Downloaded
89.9 GB
Uploaded
57.1 GB
Ratio
0.63
Seedbonus
8,613
Upload Count
0 (0)
Member for 6 years
@User-Qwert
Hi friend...
Tnks for your answer in my post...
You are Absolute right about everything...
My name is William, i'm from Brazil, 30 :)
"Working with computer"- like my mom says. Since 15
Today me and my young brother have a small company administering IT to small company...
The most of my clients have a simple Server Dell T140...T110...like this and about 30 computers and users.
I use Windows Server in most of then...tried use Linux whit Zentyal server but was no success.
Tnks again for your tips and a will for it....
:clap:
 

User-Qwert

Member
Downloaded
345.6 GB
Uploaded
428.9 GB
Ratio
1.24
Seedbonus
80,595
Upload Count
0 (0)
Member for 6 years
Might help


Microsoft Sysinternals Suite
POSHGUI dot com
PowerShell.org - YouTube
github dot com:
GitHub - FranzSw/ReconnectNetworkDrives: Reconnects network drives that don't get reconnected by Windows...
GitHub - crshnbrn66/PSLog
GitHub - syntaqx/winkit: A toolkit for Windows
GitHub - OSDeploy/OSDDrivers
GitHub - brainwatcher/Rainmeter
GitHub - kemotep/Windows: Windows Scripts and more.
WindowsBuildScripts/Windows10Debloater.ps1 at master · soloworks/WindowsBuildScripts · GitHub
markdmac’s gists · GitHub
GitHub - markdmac/PowerShell: PowerShell Resources
GitHub - razvangoga/scripts-n-cheetsheats: a collection of scripts and cheatsheets I use in day to day work

gallery dot technet dot microsoft dot com
/scriptcenter/Removes-windows-update-cb4d1389
/PSNetMon-PowerShell-cd2b345e

powershellgallery dot com
/packages/AssetInventory/
/packages/SysInfo/
/packages/PackageManagement/

Read Windows PowerShell Networking Guide | Leanpub
leanpub dot com/windowspowershellnetworkingguide/read

Home - Snipe-IT Free open source IT asset management: snipeitapp dot com
Free IT Asset Management Software from Spiceworks: spiceworks dot com/free-asset-management-software/
ITSM, Service Desk & Help Desk Software with integrated ITAM | SysAid : sysaid dot com/
PENetwork: sourceforge dot net/projects/penetwork/files/

How do i send to you a private message ?
 

Uncle Mac

🤴 Super Admin
Downloaded
91.3 GB
Uploaded
305.3 TB
Ratio
3423.91
Seedbonus
3,463,310
Upload Count
331 (350)
Member for 10 years
William seems more than happy.. I happy too.
Complete and Locked
 
Status
Not open for further replies.
Top