Got a couple of questions for all you clever peeps out there.

In our office we have a small network where all the computers are networked to to the "server" which is running Win2000 Server. The network has been badly set up to start with by the bosses son who thinks he knows what hes doing but he doesnt. Personally I think the whole lot could do with an overhaul. We are having Virus problems all the time at the moment and I have been given the task of preventing it.

Question 1.
We currently have NO ANTIVIRUS on the server machine, which is the main problem I think. What antivirus would be good to purchase for this?

Question 2.
All the emails for each user are delivered directly to each computer as we have just one user set up per machine. I ideally want to set it up so that all the emails are scanned and filtered at the server, I think for this I need to set up microsoft exchange? unfortunatly not all the machines in the office are configured in the same way, some connect to the web when the server is not on, and others will not. We are running Windows XP Home and Windows NT4 within the office.

All help advice and pointers greatly appreciated.

Regards,
Alex

Can you give a few more specifics about the network? Networks/domains are kinda my specialty... :)

I almost replied to this earlier. His boss' son seems like a total tw@t! Antivirus on the server is utmost. Then unless there is a very specific reason all workstations should connect via the server. Everyone should have the same permissions unless there is a very good reason why they shouldn't. It sounds as if there is no administration and someone definitely needs to start doing it.

@Zack731

Tell me what info you need and I will get it for you.
I have been speaking with the other company directors and they would like it resolving ASAP.

@Elaine

You got the part about him being a total tw@t 100% right.

All help is greatly appreciated !

Regards,
Alex

Well youll nedd an antivirus It seems a common one is sofos on alot of networks Ive seen maybe its a cheap licence though Ive not used it personally but from experience avast, avg and antivir tend to be reliable.

You want to setup something Exchange at least to deal with the email, you could do with a hardware firewall too if you dont already have one you can filter attachments with that as well as protect the network.

If you can not sure about licences and stuff but replace the xp home installs with pro NT4 is almost if not obsolete if security is important get it replaced.

If this is a small office do all pcs need internet access if its not nesecary dont use it or install it is the general rule of thumb.

Thats all I can say really with the info. Personally d wipe everything and install linux if the licences are a problem or install it on the server at least.

depending on what internet activity is needed a secure setup could be something like this

mail server machine that has exchange istalled this connects to the internet via a firewall configuration something like email ports allowed and internet ports allowed http , https, ftp etc. You should if needed install any other servers on this pc.

that connects to the main server via a firewall that firewall allows email ports and simple internet ports http, httpds ftp if needed.

then all your internal lan connect to the main internal server. This might not be perfect but its fairly secure.

Firewall is a must if you plan on hosting your own email. I definitely recommend a hardware-based solution. I would go with something that has three security zones: a Trusted (Your Local Lan), and Untrusted (The Internet) and a DMZ (Your mail server/other publically accessible servers. Hang all your internal stuff off the Trusted zone, have your internet connection on the untrusted, and mail server on the dmz. Then setup firewall rules to allow the minimum access necessary. I always start with a "DENY ALL" policy, and then create specific "ALLOW" policies above it. For example, if you only want your people to be able to browse websites, then you could allow only HTTP and HTTPS out from your Trust zone to your untrust. Be especially careful with the rules on you DMZ zone. Make sense?

As far as AV is concerned: it is not even an option. I am a very big fan of Symantec Corporate AV. Set it up on the server, load the Symantec System Console and then from the server, push out AV to your workstations. Then you can centrally manage your AV from the server. You can push virus definitions out, force scheduled scans, enforce policies, etc...and the end users have no say in the matter (Mwuhaha ;) )

Anyways, I am at work, so that's it for now, but I'll definitely post more later if you have questions. :)