Isolating the Internet

Here at work, we do not have the internet on our workstations, the fear being that we will knowingly or unknowingly download something that will interfere with the purpose of the workstation. Time spent on the internet is not the issue. Is there a way of isolating the internet from the hard drive or in some other manner making it impossible to download anything to the hard drive?

In most cases, absolutely. In Windows XP (and most other recent flavors of Windows, in fact), for instance, the system administrator can set privileges to allow or disallow the installation of software. Many other things can be controlled through the use of User Policies.

How To Use the Group Policy Editor to Manage Local Computer Policy in Windows XP. If you have a different Windows OS, there are other similar articles, as well.

Absolutely. Run a virtual machine, and, within that virtual-machine environment, turn off the features that give it general access to the rest of your file system. For added security, use that virtual-machine environment to run a non-Microsoft OS.

I assume you and your coworkers are on PCs running some flavor of Windows? Get VirtualPC, from Microsoft, formerly from Connectix. Install a Linux distro onto a virtual hard drive (which is an individual file, as far as your real hard drive is concerned), and put a current Linux build of Mozilla on it. Put on an email client while you’re at it, along with whatever other internet-based proggies you might want. When you want to browse the web or otherwise access internet resources, cue up VPC, boot Linux, and from that window do whatever you want to do.

No Windows-based malware will infest your Linux environment, and not even Unix/Linux exploits (such as they exist) will ever do worse than screw up your virtual Linux environment as long as, in your VPC settings, you disable access to the rest of your local hard drive file system and your networked resources.


Alternatively, go on eBay and snag a used 4-5 year old Macintosh for chump change, install VNC Server on it, and sit it in a corner somewhere. Put all machines on a local network (192.168.xx.yy) and give only the Mac access to the outside world. When you want to pull up a browser or otherwise access the internet, open a VNC window and remote-control the Mac. That Mac isn’t going to get virused up, so let it do your online work for you.

Get Portable Firefox (http://johnhaller.com/jh/mozilla/portable_firefox/). It runs off of a USB key drive and doesn’t involve the PC’s hard drive.

Portable Firefox.
Drat…