911 Dispatch PC Security :: Isolate Internet Viruses
Our government agency has a need to allow our 911 Dispatchers access to the Internet on their MS W2K PCs. The problem is they pull in tons of virus/trojan junk, while doing so. These PCs are on our flat (yuk) city wide network.
We would like to apply the following solution (please feedback on):
On our DMZ, setup a Microsoft Terminal Services server which will be dedicated to servering a Firefox session to each 911 PC for Internet browsing via a dedicated NIC.
The thinking here, is they are not running a browser on the PCs, but an emulated browser, thus the virus occurrance would be on the MS Terminal Server that's isolated from our city network. The other NIC would allow them Intranet browsing only and access to email & files, etc.