
Suggest a home/small office firewall.

Posted: Sun Mar 16, 2014 11:01 pm
by Aglifter
Along w. the other requests for a PC, I could also use a suggestion for a firewall.

Any way to block a particular PC from doing anything other than connecting to one site? I plan to stick w. Macs, so the only thing the PC will do is download updates and ingredient info.

Re: Suggest a home/small office firewall.

Posted: Sun Mar 16, 2014 11:57 pm
by 308Mike
Aglifter wrote: Along w. the other requests for a PC, I could also use a suggestion for a firewall.

Any way to block a particular PC from doing anything other than connecting to one site? I plan to stick w. Macs, so the only thing the PC will do is download updates and ingredient info.

If it's a Windows machine, you can easily do it with Group Policy Objects (GPOs), even if they aren't pushed from a domain controller. While at L-3, I set up several locked-down XP machines (NOT domain controlled) in common use areas for office visitors and even those used with the copy/scanning/printing machine/copier. If you are using firewall filtering, you can identify that specific machine by IP and/or MAC address and restrict where it goes and what comes back in to that machine.

I know nothing about what you can do with restricting Macs on a controlled network, but I'd guess there are similar ways of doing the same thing as you can with Windows machines. When you lock a particular machine down individually, you need to make SURE you drill through ALL the options and control EVERYTHING you need because one way folks used to get around certain restrictions was to find a way into Help menus and find a way to compromise them (especially escaping to the shell or crashing the printers to gain elevated privileges but you'd REALLY need to know what you were doing and be AT THE MACHINE when it happened to escape out of the error, but not the entire program, at the right time, to gain an elevated privilege Command Prompt - it's an OLD technique, but is still used on certain printers which HAVE to be installed ONLY with Administrator access - but Windows has made GREAT strides to correct this issue, but I've heard it still happens once in a while with poorly written code and/or drivers). I suspect this probably isn't an issue on Macs. :D :mrgreen:

Just remember how much of the ENTIRE INDUSTRY is built around Microsoft's poorly written code and crappy machines. All those schools and Learning Institutes with THOUSANDS of paying customers simply due to so many problems with Windows machines and ALL the software they contain BESIDES the OS. I mean, WHY would ANYONE integrate their OS into their WEB BROWSER (and browsing a VERY HOSTILE INTERNET), so that when the browser becomes compromised, the machine is also compromised?????? MORONS!!!!

And now they came out with Windows 8 (SUPER Windows ME in terms of hate being directed at it)???!?!?!?!?!?!?
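The router-side filtering 308Mike describes above (identify the one PC by IP and/or MAC address, then restrict where it goes and what comes back in) can be written as an ordered allowlist. This is an added example, not part of the original posts; it assumes a Linux-based router using iptables with an upstream DNS resolver, and the function names and every address are constructed placeholders.

```shell
#!/bin/sh
# Added example: print iptables FORWARD rules that confine one LAN PC to a
# single site. Assumes a Linux-based router; all addresses are constructed.

is_mac() {   # six colon-separated hex octets
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

is_ipv4() {  # dotted quad, each octet 0-255
    o='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^($o\.){3}$o\$"
}

# restrict_host_rules MAC HOST_IP SITE_IP DNS_IP
# Prints the rules in the order they must be evaluated; returns 1 on bad input.
restrict_host_rules() {
    mac=$1 host_ip=$2 site_ip=$3 dns_ip=$4
    is_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
    for ip in "$host_ip" "$site_ip" "$dns_ip"; do
        is_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    # Allow rules match IP and MAC together, since either alone is easy to change.
    src="-s $host_ip -m mac --mac-source $mac"
    cat <<EOF
iptables -A FORWARD -d $host_ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD $src -d $dns_ip -p udp --dport 53 -j ACCEPT
iptables -A FORWARD $src -d $site_ip -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s $host_ip -j LOG --log-prefix "PC-BLOCKED: "
iptables -A FORWARD -s $host_ip -j DROP
iptables -A FORWARD -d $host_ip -j DROP
EOF
}

# Constructed sample: the PC, the one permitted site (HTTPS), the DNS resolver.
restrict_host_rules 00:11:22:33:44:55 192.168.1.50 203.0.113.10 198.51.100.53
```

Because `-A` appends, these rules only take effect if no earlier FORWARD rule already accepts the PC's traffic, and a site served from several or changing IP addresses needs one allow rule per address.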

Re: Suggest a home/small office firewall.

Posted: Mon Mar 17, 2014 12:39 am
by Aglifter
Just two users. Up to 5 devices, maybe a few more. (2 PCs, one MacBook, and a couple smart phones. Possibly a printer. Oh, and we use internet-based phones.)

Re: Suggest a home/small office firewall.

Posted: Mon Mar 17, 2014 12:51 am
by 308Mike
Aglifter wrote: Just two users. Up to 5 devices, maybe a few more. (2 PCs, one MacBook, and a couple smart phones. Possibly a printer. Oh, and we use internet-based phones.)

Understand - so you need a REALLY small cost solution, for people you do/can trust - and don't really need (or have any desire for) a commercial grade router with firewall.

I've worked on home networks and commercial networks, but NOT the area between as you've described it. I know and understand WHAT you want to do, but don't have the knowledge/experience and/or education to assist you (without a bunch of research). I wish I could be of more help. Others with more experience will have to chime in to assist you.

Re: Suggest a home/small office firewall.

Posted: Mon Mar 17, 2014 1:47 am
by Aglifter
No remote access. Our telephone is through Time Warner - which is also our internet provider - and through RingCentral - but that's just a program which runs on the smart phones - it will get added, once I bother with it.

We do not have any remote access - we do not leave any computers in the office overnight.

We do have wifi.

No servers.

Nor do we have a VPN.

Re: Suggest a home/small office firewall.

Posted: Mon Mar 17, 2014 8:23 pm
by Aglifter
It's a standard cable modem.

Time Warner manages it, and the separate modem for the phone.

Cable runs into the modem for the phone, and we plug regular phones into it.

Not sure if that answers your questions.

Re: Suggest a home/small office firewall.

Posted: Mon Mar 17, 2014 11:35 pm
by Aglifter
OK, I have a wireless router/firewall. Anything I should do in particular?

Re: Suggest a home/small office firewall.

Posted: Tue Mar 18, 2014 12:45 am
by 308Mike
Aglifter wrote: OK, I have a wireless router/firewall. Anything I should do in particular?

How current is it (and brand), and what capabilities does it have (published data off the box is fine for the most part, but VPN should be included) - when was the last firmware update?

Although I know I don't need to mention this to you, but people ABSOLUTELY MUST CHANGE THE PASSWORD from the default - and NOT something easy to guess (at least for anyone other than yourself or other administrators, and DO NOT include your company name or address numbers in the password). And yes, I've attached to some of my neighborhood wireless routers (I live on a hill overlooking residential areas), and actually been able to access several of them to the point I could change their router configuration and even lock them out of their OWN ROUTER - until they perform a hard reset and then change the password IMMEDIATELY, then reboot while attached with a CAT5 cable (and have their wireless radio turned off until they get the machine configured).

It's just best to do it right the first time by changing the password while setting up the router, then rebooting while attached via CAT5/6 cabling, so you don't have to deal with wireless settings until you're ready to. I've been kicked out of several routers while trying to set them up while connected wireless (for a variety of reasons, including auto-rebooting after changing the settings but wasn't done yet with the configuration) - but never had a problem while physically connected via RJ-45.

YMMV!