Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Server 2008 w/Exchange Suggested steps in locating network virus

Posted on 2013-11-13
2
Medium Priority
?
340 Views
Last Modified: 2013-11-14
Hi Experts,

My new client (2 days) has an 2008 Standard server running Exchange and is the PDC. A Server 2003 server is more or less a computer on the domain that runs a proprietary database app. There is an Asterisk VOIP computer recieving DHCP on the same subnet as all computers on the domain. No SharePoint used.

After doing an audit of all computers on the domain, 1 computer (XP Pro SP3) had a virus in which I had to reformat and load everything. Another computer (XP Pro SP3) had a 2 viruses after the Asterisk VOIP server was installed 2 months ago. This, again, was before I began services for the company. The user that had the 2 viruses is currently being spammed to death.

Some users on the domain are not recieving email but can send.

Another user, upon boot, has regedit come up immediately. I unchecked it in msconfig.exe but still appears.

Symantec Endpoint Protection was installed on all but 3 computers when I took over.

I do not service the VOIP phones or server. I know that Asterisk is an open source application and is vulnarable to port scanning and backdoor attacks.

The 2008 server is not on the edge of the network. It has a 192.168.1.X Ip address with one NIC. It  is connected to an unmanaged eswitch. The eswitch is connected to an SMC router which connects to a broadband Comcast router.

The VOIP server is connected to an ADTRAN SIP intrface. The ADTRAN is connected to an ARRIS (Comcast) router via an ethernet connection.

Another ethernet connection from the Asterisk server is connected to the unmanaged ethernet switch.

At this point, in viewing all hardware and logical software on the network, there are numerous hardware points in which viruses can be introduced to the network.  

My question: "What approach should be taken in handling the mystery of where the viruses come from?"

SheeeetMang!!!!

Thanks

TT
0
Comment
Question by:Netsyssol
2 Comments
 

Author Comment

by:Netsyssol
ID: 39646185
Phones are Polycom on same subnet as computers. I recommened to the customer that it would definetly be a good idea to install a managed eswitch and configure a separate vlan to separate the computers and the Voip phones.
0
 
LVL 4

Accepted Solution

by:
FutureTechSysDOTcom earned 2000 total points
ID: 39646326
My recommendations:

-Agree with above on separate networks for phone and data
-XP loses support from MS in early 2014, time to replace those machines, period
-Ensure AV is up to date on server
-Ensure AV is on all workstations
-Put in a proper router, even if you go with something less expensive.  I personally like SonicWall as you get Cisco-like features for a lot less $$$.

An analogy I would use in this situation, is you're bailing water out of a boat with 16 holes in the bottom, and debating with the client which of the 16 holes the most water is coming through.  Really what you need to do is to plug the holes, then bail out the water, then see if any of the plugs are leaking :-)

Usually with new clients I do a complete evaluation and tell them what needs to be fixed immediately and what it's going to cost.  If they are unwilling to spend a few hundred bucks to get their network to be as good as your average home office, you are going to have trouble getting paid for your services, in my experience.

Regards,
Chris M.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question