?
Solved

Network configuration and domains

Posted on 2013-01-28
5
Medium Priority
?
204 Views
Last Modified: 2013-01-29
A virus attack rendered our Domain controllers unavailable.  Could not login with any account, tried a couple password reset tools to no avail.  We ended up reformatting and reloading both servers, probably a best practice and gave us an opportunity to upgrade to 2008.  Moving forward would like to redesign network and create two subnets, one for public use and one for staff use.  
Trying to avoid another event bringing down the whole network consisting of around 70 machines.  Having to go to every machine and readd them to the domain - very time consuming.  

Does this sound like a good plan or are there better options?
0
Comment
Question by:Webcc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 97

Accepted Solution

by:
Experienced Member earned 1000 total points
ID: 38829372
Generally yes. The public should not be given access to your LAN because you have no control over their computers. Their subnet should be segregated by use of a VLAN if you can do it. Also consider having a second ISP for this. Even with a VLAN, a public child porn user could cause you management grief.

Back to your LAN, make sure you have a good, corporate, integrated AntiVirus. Symantec Endpoint Protection is very good and there are other good ones a well. The point is to have a top notch one that is paid (never free).

Good luck.   ... Thinkpads_User
0
 
LVL 10

Assisted Solution

by:Nancy McCullough
Nancy McCullough earned 1000 total points
ID: 38829426
Absolutely, yes. Separate your company from your customers and from the public. Create a network wherein there are no access points that can be exploited by the various forms of viruses, as much as silly people looking for a "challenge", or those who are just "curious". Keep sensistive information backed up and stored offsite. There are quite a few virtual storage sites that work great, but again - you are then subject to *their* networks. Even still, I believe the cloud is where all computing is headed. I have already started storing all company files online as a backup... which has paid off after my company was hit with an incident a month ago. A secure network is one that keeps the data safe from outside sources as well as inside sources of potential harm.
0
 

Author Comment

by:Webcc
ID: 38829650
Thanks for the input.  Had latest SEP installed but got through, we are switching to Kaspersky.  Have to work out one application that is used by the public and managed by the staff so, both networks will need to access.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38830551
If public has access to one application then they have access to your network using computers you have no control over.

You will certainly need very strong passwords. Perhaps you can provide two instances of the application.
.... Thinkpads_User
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38830876
@Webcc - Thank you, and I was pleased to help you with this. .... Thinkpads_User
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses
Course of the Month13 days, 11 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question