
Can a computer be both secure and internet enabled?

bupkus

History: this small business has used 2 computers allowing a dedicated business pc with no internet and another solely for internet use.

Genesis of idea: I personally use Windows 7 Pro with XP Mode but only because of legacy hardware.

I was wondering if I could run Windows ?? with say Ubuntu in a vm. This way he would only need one cpu albeit 2 or 4 cores.
Does this make sense and how powerful of a cpu would likely be needed for this scenario?

BTW, the business is a childcare with actually 2 networked pcs dedicated for business use and one solely for internet-- all still using single cores.
An additional note about the office pc... it powers a very light weight db that the 2nd pc taps into to make clock-ins. That clock-in pc will remain a single and separate unit. The goal is to eliminate the need of a separate internet machine completely but keeping the network safe.
 
The memory would be more of a concern than the CPU. You could run Linux in a VM with a single core CPU. You should be safe allowing the Linux VM on the Internet as long as you do not give the VM access to the Host System.
 
I'm not sure what the paranoia about having computers on the internet is here. A computer on the internet isn't going to just catch a virus if it's just sitting there hosting a db. 99% of the time it's a user that compromises a computer's security by downloading something or visiting an infected or compromised website using IE and it kicks off a background process. Any Windows machine should, and will, be just fine if it's kept patched up, and any surfing done on the machine is done with a third party browser, i.e. Firefox or Chrome. We have 250 Windows machines on the internet and the ONLY time we have a problem is when someone downloads something from an email they shouldn't have, or visits a website using internet exploder and it gets them something. We have strict rules in place to use IE on our list of trusted sites only, and Firefox or Chrome on EVERYTHING else... and for the most part we don't have a problem unless a user goes outside those guidelines.

As far as attacks go, any mid grade router should do fine, and if you really want secure, run Ubuntu on the whole network.
 
In your current environment are the clock-in and DB PCs the only thing connected together and you have the internet PC on a different network segment? Or are all three devices tied together but users know to only use the "internet" PC?

If it's the former then that is best as an infected PC could potentially infect other local PCs. By running the VM you could expose the host machine to viruses\malware. Granted the likelihood of a Linux->MS infection is very very unlikely. My greater concern would be user training. Users can easily grasp going to a different physical box to use the internet but if they can now use the "work" PC by launching the VM there may be some confusion which leads them to surfing on the work machine by mistake. So if you go that route you may want to consider locking down the internet on the host machine (do not provide default gateway) and only configure net access on the VM.
 
The idea of keeping the machine with any personal data on the clients/employees off the internet is a good one. Virtualization does nothing for security (except possibly make it harder), don't fall for the hype.

EDIT: Oh, and no computer is truly secure. There's bugs in any reasonably complex software.
 
A Network behind a Cable/DSL Router + AV + AntiSpyware + Configurable Software + Basic self education about how to securely use Browsers and email is all that is needed.

Millions of people are using computers with Internet connection for business and personal use and there is No reason for fear mongering (there is enough of it in today's politics).


 
A Network behind a Cable/DSL Router + AV + AntiSpyware + Configurable Software + Basic self education about how to securely use Browsers and email is all that is needed.

Too bad the last part of that equation is virtually impossible to fix.

Millions of people are using computers with Internet connection for business and personal use and there is No reason for fear mongering (there is enough of it in today's politics).

And a very large number of those people are members of various botnets and have had their personal information stolen. The general population is going to be the absolute worst example of anything security related, computer specific or not.
 
A Network behind a Cable/DSL Router + AV + AntiSpyware + Configurable Software + Basic self education about how to securely use Browsers and email is all that is needed.

Millions of people are using computers with Internet connection for business and personal use and there is No reason for fear mongering (there is enough of it in today's politics).

Unfortunately that's just not true these days. And with customer information that does NOT require access to the internet (don't know if that's the case here, just assuming 😉), why take the risk?
 
No internet connected computers on the internal network is still what high security areas in business rely on and is how I would set up my network if I was really concerned about the data I kept. In something like a daycare though I can't see the need to do that.

What I would do:
Install a router making sure to change the default passwords.
Run the browser inside Sandboxie (more people should use this as it solves a ton of issues)
Keep the AV up to date, MSE is good and free.
Don't forget to tell them to backup often.
 
Yap. In addition, I guess that all of you are driving on Roads that are completely safe, and there is Nobody else but you on the road at the same time.

You Eat food that there is a Guarantee that it never harm you (not to mention Alcohol consumption and smoking).

You engage in Sport activities that can never inflict any physical harm.
Etc., Etc.


What I am trying to say is that there is risk in everything and there is a balance of solutions based on know how and can make things livable as long as One does not play the Ostrich.

Thus I firmly stand by my Post above.


 
"What I am trying to say is that there is risk in everything and there is a balance of solutions based on knowhow and can make things livable as long as One does not play the Ostrich."

I totally endorse Jack's statement. Am retired after decades in the security business, and the bottom line is, security is a matter of degree. Given enough time and money, there is no security system that cannot be breached. Operational security is a balance of risk and usefulness.
 
Yap. In addition, I guess that all of you are driving on Roads that are completely safe, and there is Nobody else but you on the road at the same time.

You Eat food that there is a Guarantee that it never harm you (not to mention Alcohol consumption and smoking).

You engage in Sport activities that can never inflict any physical harm.
Etc., Etc.


What I am trying to say is that there is risk in everything and there is a balance of solutions based on know how and can make things livable as long as One does not play the Ostrich.

Thus I firmly stand by my Post above.



You list things that are necessary and compare them to something that is not (an internet connected PC). I do not drive 100mph in zones that are not rated for 100mph. I do use my turn signals. I do try to pay attention to the road, the conditions, and other drivers. I DO NOT drive on major drinking holidays. Risks taken into account, reasonable mitigations are in place.
You also claim that Basic self education about how to securely use Browsers and email ... will help. Time and time again the user education idea has flopped, the universe built a better idiot. Many of the old ideas are now dead: the perimeter has changed, "reputable sites" are no longer trustworthy, and you should be most suspicious of your browsers and document readers.

Risk: Personally Identifiable Information may be leaked via malicious intentions of actors unknown on the internet.
Mitigation: Do not connect the system holding this information to the internet.

This seems like a simple, easy, and inexpensive solution to this problem. If this wasn't so painless I'd agree with you 100%, and your suggestions are the minimum for the machines that need internet access.

Of course, there are a dozen other problems that it does not address, but that isn't the topic of the thread. 😉
 
"What I am trying to say is that there is risk in everything and there is a balance of solutions based on knowhow and can make things livable as long as One does not play the Ostrich."

I totally endorse Jack's statement. Am retired after decades in the security business, and the bottom line is, security is a matter of degree. Given enough time and money, there is no security system that cannot be breached. Operational security is a balance of risk and usefulness.

:thumbsup: And that is cutting across everything in life.

Same is the industry that I am in (Medical care). There is No way to secure and foolproof health.

Good Health is maintaining balance that takes into "account risk and usefulness".

Most of our Scientific endeavors are a matter of finding the best probability rather than simplest Whole or Nothing approach, or to blame whatever is easy or fashionable to blame.


 
The problem with broad generalities is some people wish to apply them to all situations-- a metaphor for all seasons.
 
The problem with broad generalities is some people wish to apply them to all situations-- a metaphor for all seasons.

:thumbsup:

However, that was true many years ago.

Today it is: "The problem with broad generalities is that Most people (in the USA) wish to apply them to all situations-- a metaphor for all seasons".



😎
 