Solved

Server 2008 w/Exchange Suggested steps in locating network virus

Posted on 2013-11-13
2
323 Views
Last Modified: 2013-11-14
Hi Experts,

My new client (2 days) has an 2008 Standard server running Exchange and is the PDC. A Server 2003 server is more or less a computer on the domain that runs a proprietary database app. There is an Asterisk VOIP computer recieving DHCP on the same subnet as all computers on the domain. No SharePoint used.

After doing an audit of all computers on the domain, 1 computer (XP Pro SP3) had a virus in which I had to reformat and load everything. Another computer (XP Pro SP3) had a 2 viruses after the Asterisk VOIP server was installed 2 months ago. This, again, was before I began services for the company. The user that had the 2 viruses is currently being spammed to death.

Some users on the domain are not recieving email but can send.

Another user, upon boot, has regedit come up immediately. I unchecked it in msconfig.exe but still appears.

Symantec Endpoint Protection was installed on all but 3 computers when I took over.

I do not service the VOIP phones or server. I know that Asterisk is an open source application and is vulnarable to port scanning and backdoor attacks.

The 2008 server is not on the edge of the network. It has a 192.168.1.X Ip address with one NIC. It  is connected to an unmanaged eswitch. The eswitch is connected to an SMC router which connects to a broadband Comcast router.

The VOIP server is connected to an ADTRAN SIP intrface. The ADTRAN is connected to an ARRIS (Comcast) router via an ethernet connection.

Another ethernet connection from the Asterisk server is connected to the unmanaged ethernet switch.

At this point, in viewing all hardware and logical software on the network, there are numerous hardware points in which viruses can be introduced to the network.  

My question: "What approach should be taken in handling the mystery of where the viruses come from?"

SheeeetMang!!!!

Thanks

TT
0
Comment
Question by:Netsyssol
2 Comments
 

Author Comment

by:Netsyssol
Comment Utility
Phones are Polycom on same subnet as computers. I recommened to the customer that it would definetly be a good idea to install a managed eswitch and configure a separate vlan to separate the computers and the Voip phones.
0
 
LVL 4

Accepted Solution

by:
FutureTechSysDOTcom earned 500 total points
Comment Utility
My recommendations:

-Agree with above on separate networks for phone and data
-XP loses support from MS in early 2014, time to replace those machines, period
-Ensure AV is up to date on server
-Ensure AV is on all workstations
-Put in a proper router, even if you go with something less expensive.  I personally like SonicWall as you get Cisco-like features for a lot less $$$.

An analogy I would use in this situation, is you're bailing water out of a boat with 16 holes in the bottom, and debating with the client which of the 16 holes the most water is coming through.  Really what you need to do is to plug the holes, then bail out the water, then see if any of the plugs are leaking :-)

Usually with new clients I do a complete evaluation and tell them what needs to be fixed immediately and what it's going to cost.  If they are unwilling to spend a few hundred bucks to get their network to be as good as your average home office, you are going to have trouble getting paid for your services, in my experience.

Regards,
Chris M.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now