Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Server 2008 w/Exchange Suggested steps in locating network virus

Posted on 2013-11-13
2
Medium Priority
?
334 Views
Last Modified: 2013-11-14
Hi Experts,

My new client (2 days) has an 2008 Standard server running Exchange and is the PDC. A Server 2003 server is more or less a computer on the domain that runs a proprietary database app. There is an Asterisk VOIP computer recieving DHCP on the same subnet as all computers on the domain. No SharePoint used.

After doing an audit of all computers on the domain, 1 computer (XP Pro SP3) had a virus in which I had to reformat and load everything. Another computer (XP Pro SP3) had a 2 viruses after the Asterisk VOIP server was installed 2 months ago. This, again, was before I began services for the company. The user that had the 2 viruses is currently being spammed to death.

Some users on the domain are not recieving email but can send.

Another user, upon boot, has regedit come up immediately. I unchecked it in msconfig.exe but still appears.

Symantec Endpoint Protection was installed on all but 3 computers when I took over.

I do not service the VOIP phones or server. I know that Asterisk is an open source application and is vulnarable to port scanning and backdoor attacks.

The 2008 server is not on the edge of the network. It has a 192.168.1.X Ip address with one NIC. It  is connected to an unmanaged eswitch. The eswitch is connected to an SMC router which connects to a broadband Comcast router.

The VOIP server is connected to an ADTRAN SIP intrface. The ADTRAN is connected to an ARRIS (Comcast) router via an ethernet connection.

Another ethernet connection from the Asterisk server is connected to the unmanaged ethernet switch.

At this point, in viewing all hardware and logical software on the network, there are numerous hardware points in which viruses can be introduced to the network.  

My question: "What approach should be taken in handling the mystery of where the viruses come from?"

SheeeetMang!!!!

Thanks

TT
0
Comment
Question by:Netsyssol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:Netsyssol
ID: 39646185
Phones are Polycom on same subnet as computers. I recommened to the customer that it would definetly be a good idea to install a managed eswitch and configure a separate vlan to separate the computers and the Voip phones.
0
 
LVL 4

Accepted Solution

by:
FutureTechSysDOTcom earned 2000 total points
ID: 39646326
My recommendations:

-Agree with above on separate networks for phone and data
-XP loses support from MS in early 2014, time to replace those machines, period
-Ensure AV is up to date on server
-Ensure AV is on all workstations
-Put in a proper router, even if you go with something less expensive.  I personally like SonicWall as you get Cisco-like features for a lot less $$$.

An analogy I would use in this situation, is you're bailing water out of a boat with 16 holes in the bottom, and debating with the client which of the 16 holes the most water is coming through.  Really what you need to do is to plug the holes, then bail out the water, then see if any of the plugs are leaking :-)

Usually with new clients I do a complete evaluation and tell them what needs to be fixed immediately and what it's going to cost.  If they are unwilling to spend a few hundred bucks to get their network to be as good as your average home office, you are going to have trouble getting paid for your services, in my experience.

Regards,
Chris M.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This video discusses moving either the default database or any database to a new volume.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question