Solved

Server 2008 w/Exchange Suggested steps in locating network virus

Posted on 2013-11-13
2
330 Views
Last Modified: 2013-11-14
Hi Experts,

My new client (2 days) has an 2008 Standard server running Exchange and is the PDC. A Server 2003 server is more or less a computer on the domain that runs a proprietary database app. There is an Asterisk VOIP computer recieving DHCP on the same subnet as all computers on the domain. No SharePoint used.

After doing an audit of all computers on the domain, 1 computer (XP Pro SP3) had a virus in which I had to reformat and load everything. Another computer (XP Pro SP3) had a 2 viruses after the Asterisk VOIP server was installed 2 months ago. This, again, was before I began services for the company. The user that had the 2 viruses is currently being spammed to death.

Some users on the domain are not recieving email but can send.

Another user, upon boot, has regedit come up immediately. I unchecked it in msconfig.exe but still appears.

Symantec Endpoint Protection was installed on all but 3 computers when I took over.

I do not service the VOIP phones or server. I know that Asterisk is an open source application and is vulnarable to port scanning and backdoor attacks.

The 2008 server is not on the edge of the network. It has a 192.168.1.X Ip address with one NIC. It  is connected to an unmanaged eswitch. The eswitch is connected to an SMC router which connects to a broadband Comcast router.

The VOIP server is connected to an ADTRAN SIP intrface. The ADTRAN is connected to an ARRIS (Comcast) router via an ethernet connection.

Another ethernet connection from the Asterisk server is connected to the unmanaged ethernet switch.

At this point, in viewing all hardware and logical software on the network, there are numerous hardware points in which viruses can be introduced to the network.  

My question: "What approach should be taken in handling the mystery of where the viruses come from?"

SheeeetMang!!!!

Thanks

TT
0
Comment
Question by:Netsyssol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:Netsyssol
ID: 39646185
Phones are Polycom on same subnet as computers. I recommened to the customer that it would definetly be a good idea to install a managed eswitch and configure a separate vlan to separate the computers and the Voip phones.
0
 
LVL 4

Accepted Solution

by:
FutureTechSysDOTcom earned 500 total points
ID: 39646326
My recommendations:

-Agree with above on separate networks for phone and data
-XP loses support from MS in early 2014, time to replace those machines, period
-Ensure AV is up to date on server
-Ensure AV is on all workstations
-Put in a proper router, even if you go with something less expensive.  I personally like SonicWall as you get Cisco-like features for a lot less $$$.

An analogy I would use in this situation, is you're bailing water out of a boat with 16 holes in the bottom, and debating with the client which of the 16 holes the most water is coming through.  Really what you need to do is to plug the holes, then bail out the water, then see if any of the plugs are leaking :-)

Usually with new clients I do a complete evaluation and tell them what needs to be fixed immediately and what it's going to cost.  If they are unwilling to spend a few hundred bucks to get their network to be as good as your average home office, you are going to have trouble getting paid for your services, in my experience.

Regards,
Chris M.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Find out what you should include to make the best professional email signature for your organization.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question