Solved

Server 2008 w/Exchange Suggested steps in locating network virus

Posted on 2013-11-13
2
333 Views
Last Modified: 2013-11-14
Hi Experts,

My new client (2 days) has an 2008 Standard server running Exchange and is the PDC. A Server 2003 server is more or less a computer on the domain that runs a proprietary database app. There is an Asterisk VOIP computer recieving DHCP on the same subnet as all computers on the domain. No SharePoint used.

After doing an audit of all computers on the domain, 1 computer (XP Pro SP3) had a virus in which I had to reformat and load everything. Another computer (XP Pro SP3) had a 2 viruses after the Asterisk VOIP server was installed 2 months ago. This, again, was before I began services for the company. The user that had the 2 viruses is currently being spammed to death.

Some users on the domain are not recieving email but can send.

Another user, upon boot, has regedit come up immediately. I unchecked it in msconfig.exe but still appears.

Symantec Endpoint Protection was installed on all but 3 computers when I took over.

I do not service the VOIP phones or server. I know that Asterisk is an open source application and is vulnarable to port scanning and backdoor attacks.

The 2008 server is not on the edge of the network. It has a 192.168.1.X Ip address with one NIC. It  is connected to an unmanaged eswitch. The eswitch is connected to an SMC router which connects to a broadband Comcast router.

The VOIP server is connected to an ADTRAN SIP intrface. The ADTRAN is connected to an ARRIS (Comcast) router via an ethernet connection.

Another ethernet connection from the Asterisk server is connected to the unmanaged ethernet switch.

At this point, in viewing all hardware and logical software on the network, there are numerous hardware points in which viruses can be introduced to the network.  

My question: "What approach should be taken in handling the mystery of where the viruses come from?"

SheeeetMang!!!!

Thanks

TT
0
Comment
Question by:Netsyssol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:Netsyssol
ID: 39646185
Phones are Polycom on same subnet as computers. I recommened to the customer that it would definetly be a good idea to install a managed eswitch and configure a separate vlan to separate the computers and the Voip phones.
0
 
LVL 4

Accepted Solution

by:
FutureTechSysDOTcom earned 500 total points
ID: 39646326
My recommendations:

-Agree with above on separate networks for phone and data
-XP loses support from MS in early 2014, time to replace those machines, period
-Ensure AV is up to date on server
-Ensure AV is on all workstations
-Put in a proper router, even if you go with something less expensive.  I personally like SonicWall as you get Cisco-like features for a lot less $$$.

An analogy I would use in this situation, is you're bailing water out of a boat with 16 holes in the bottom, and debating with the client which of the 16 holes the most water is coming through.  Really what you need to do is to plug the holes, then bail out the water, then see if any of the plugs are leaking :-)

Usually with new clients I do a complete evaluation and tell them what needs to be fixed immediately and what it's going to cost.  If they are unwilling to spend a few hundred bucks to get their network to be as good as your average home office, you are going to have trouble getting paid for your services, in my experience.

Regards,
Chris M.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question