Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Separate Networks

Posted on 2014-02-19
7
Medium Priority
?
212 Views
Last Modified: 2014-04-14
Hello,

I have a computer repair business and am having alot of issues with infected computers that are brought in for service. We need to put them on the network in order for us to remove infections and clean them up. The problem is that I am getting blacklisted which is causing my Exchange server to not be able to send email. I am also getting reports that there are Trojans on my network. Well there are indeed infected machines on my network that are being cleaned up. Our environment is a handful of fileservers, domain controller, exchange server, cloud backup servers. We currently are using Verizon fios and there router they provide. We have 2 24 port gigabit switches as well. 1 static verizon IP. What would be the most cost effective way for us to separate the network so we have our domain computers on 1 network and the infected ones here for repair on another? Again, the infected machines also need internet access?

Thanks,
John
0
Comment
Question by:jands
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Accepted Solution

by:
ldrose537 earned 2000 total points
ID: 39870371
I have two primary recommendations:

1) keep infected workstations off the network while doing initial cleanup. Find some cleanup tools that you can copy onto a CD, and run them initially - get the machine as clean as possible first. I understand that some of the more prominent virus removal tools are "online," but connecting an infected machine to a production network is not good practice.

2) look into creating a second firewalled VLAN - requiring modification on the router and one of the switches; this will be a little involved, and if you don't take care of point one, you will still possibly run into the same issue of being blacklisted.
0
 
LVL 11

Expert Comment

by:BillBondo
ID: 39870531
I agree with ldrose537. Many programs available for cleaning the computer off line as well as slaving the drive to a machine for online programs.
0
 

Author Comment

by:jands
ID: 39870587
I cannot agree more and this is why im doing something about it guys. Just looking for some advice.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 56

Expert Comment

by:McKnife
ID: 39870592
I would also recommend not to network those but use windows 8 "to go" [USB Stick installation of win8 enterprise (trial)] for cleaning operations.
0
 
LVL 1

Expert Comment

by:ldrose537
ID: 39870662
John,

here is a link to some possible options for cleanup:

http://www.techrepublic.com/blog/five-apps/five-portable-antivirus-and-antimalware-tools-to-carry-with-you-at-all-times/

Otherwise, check around for bootable Scanning tools. They are out there. You might have to dig around for a solution or solutions that work best with the varied systems you encounter.

Linda
0
 
LVL 1

Expert Comment

by:ldrose537
ID: 39870841
Regarding VLAN

You said: "We currently are using Verizon fios and there router they provide."

They should be able to answer questions regarding setting up a Virtual LAN (VLAN), whether it is possible with their equipment, and what it would take.

An additional thought: Keep in mind that with the "1 static verizon IP" all internal traffic, regardless of the VLAN configuration will be routed outside that IP, and that IP will be flagged/blacklisted with any continuing issues. So if you really want to isolate your production network from the potentially infected machines, you might want to contact Verizon and ask about getting an additional static IP (it may turn out to be a total of 5, depends on how Verizon does this).

Regardless, you'll want to talk to your provider and explain what you are trying to do, as it is a more involved setup. They should be able to help.

Linda
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39931452
if you have 1 static IP, you probably have a NAT router that can do some firewalling. tell us what you have, you probably don't have to add anything else. if you don't have any usable network equipent, you probably have an old spare machine that can act as a router and dhcp server. for a few machines and such a use, a pentium with 16Mb of ram would be enough.

either dedicate a switch or create a specific isolated vlan for the guest hosts, and then configure your existing equipment or spare machine to route them differently. we'll be able to help more once we know what you have at hand.

remember to
- NEVER allow outgoing port 25 for infected machines if you expect your own server not to be blacklisted and your ISP not to ditch you
- NEVER stick infected (or actually any foreign host) on your own network

also beware that using whatever cleanup tools wether online or not is probably inefficient. once a machine is strongly infected, formatting it is definitely a much more cost-effective way to remove malware (and even that is not always sufficient)
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question