Re: Internet and Email Policy

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hello Skc,

Thank you for posting in the SBS newsgroup.

Also, many thanks for Lanwench's great input.

According to your description, I understand that you would like to re-issue
an internet and email policy. If I have misunderstood your concern, please
don't hesitate to let me know.

As you mentioned, your company have recently recruited around 30 new staff,
and you are running SBS 2003 Premium. I suggest you create a new group for
these new staffs, and use the ISA Server to control their internet access.

To get additional detailed information, you may refer to the following KB
article:

Securing Your Windows Small Business Server 2003 Network
http://www.microsoft.com/smallbusiness/support/articles/sec_sbs2003_network.
mspx

888717 Controlling secure Internet access by using ISA Server 2004
http://support.microsoft.com/?id=888717

I hope this helps. If you have any questions or concerns, please do not
hesitate to let me know. I am always happy to be of further assistance.

Best regards,

Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <0CA2B518-71A0-4BBF-9DA5-56C4867D79DA@xxxxxxxxxxxxx>
>Subject: Re: Internet and Email Policy
>Date: Mon, 27 Jun 2005 12:50:29 -0400
>Lines: 81
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>X-RFC2646: Format=Flowed; Original
>Message-ID: <ux3djhzeFHA.612@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: cpe-24-193-74-240.nyc.res.rr.com 24.193.74.240
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:130954
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>
>
>In news:0CA2B518-71A0-4BBF-9DA5-56C4867D79DA@xxxxxxxxxxxxx,
>Skc <Skc@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
>> I am running SBS2003 Premier with around 60 clients.
>>
>> I need to re-issue an internet and email policy, as we have recently
>> recruited around 30 new staff.
>>
>> Can someone provide me with any suggestions? Typically I would like
>> the recent spyware and spam links to be on there.
>>
>> Thanks,
>>
>> skc
>
>Well - I wouldn't bombard people with too much information. They won't
read
>it. Yes, they'll *sign* stuff, but you need to make sure they really
>understand it. This isn't supposed to be deliberate entrapment - it's
>supposed to protect your network. So, the first thing to consider is, have
>you done *all* you can to prevent most things from being an issue in the
>first place?
>
>* All workstations are NT-based (ideally, WinXP Pro SP2), locked down (no
>users having any more than "user" permissions), fully updated/patched,
>constantly?
>* Running good, centralized, frequently updated AV software on your
>workstations, which you monitor?
>* Running good, Exchange-aware AV on the server? Blocking potentially
>dangerous file attachments, doing scheduled scans as well as real-time
>scanning?
>* Using IMF or another antispam application or service?
>* Controlling (limiting/prohibiting) access to webmail, external POP/IMAP
>accounts, etc?
>* Implemented complex, 8-char-min passwords, with forced regular password
>changes?
>* Locking down inbound & outbound traffic from/to the Internet/other
>networks to the bare minimum needed, and reviewing your ISA/firewall logs
>regularly?
>
>Outside of the basics:
>A) "Here's what you're allowed to use your work computer for (e.g., actual
>business-related WORK)" and
>B) "Here's what you aren't allowed to use your work computer for (e.g.,
>Internet gambling, downloading inexpertly Photoshopped pictures of famous
>people without their clothes on)" and
>C) "You are not allowed to install any software, ever, whatsoever, even if
>you find something that doesn't require you to have admin/power user
rights,
>and if we find it on your computer we will not be pleased"
>C) "Passwords do not belong on colorful sticky notes on ones'
monitor...and
>yes, the bad guys know how to look under the keyboard, too" ....
>
>... I'd say that phishing is a good thing to mention - although I'd be
very
>surprised if most hadn't even seen or heard of it before, even if not by
>that name...
>
>* Tell them that Microsoft is not going to e-mail them a patch for
Windows,
>because Microsoft is busy doing other things and doesn't have time to
track
>down everyone who ever downloaded MSN Messenger.
>* Tell them Citibank isn't going to ask them for information in an e-mail,
>because the real Citibank already *has* that information, etc, and would
>probably invest in a proofreader/copyeditor who could write in proper
>English (or whatever your localized language is) if they *were* to e-mail
>the user.
>* Same with Paypal, eBay, etc.
>* Tell them that even if they get an e-mail from Aunt Gladys with an
>attachment purporting to be her much-vaunted elderberry pie recipe, they
>shouldn't open it unless they were expecting Aunt Gladys to send it to
them.
>* Tell them, "Don't put information in an e-mail you wouldn't write on a
>postcard."
>* Tell them, "Your personal e-mail becomes company property when it hits
our
>server, so maybe you don't want to use it for that as it could be
>embarrassing, land you in divorce court, get you fired or arrested."
>
>Most of this is just plain common sense stuff. Make this a short, simple,
>bullet-point list. and they may pay attention. I'm sure others will chime
in
>with their own ideas on this, but I think this is a good starting
point....
>HTH.
>
>
>
>

.

Relevant Pages

  • RE: Catchall not working, EXTERNALLY?
    ... Microsoft CSS Online Newsgroup Support ... but we will start using the exchange server fully ... When I open the connection (over internet) to my exchange account, ...
    (microsoft.public.windows.server.sbs)
  • RE: remote access SBS 2003 Inop
    ... Since you know the problem is relate to RRAS (Routing and Remote Access ... On the SBS 2003 Server open the Server Management console. ... Click the "Connect to the Internet" link. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 (no SP) - file saving over network suddenly very slow
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... >> the SBS server box? ... >> Norton Internet Security, Norton System Works, and Norton Anti-Virus etc. ...
    (microsoft.public.windows.server.sbs)
  • RE: Catchall not working, EXTERNALLY?
    ... When I open the connection (over internet) to my exchange account, ... the data is stored on the Exchange server side. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: Loading Web Sites
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... Have you installed ISA on the server box? ... Click Internet Protocl, and then click Properties. ...
    (microsoft.public.windows.server.sbs)