Solved

Separate Networks

Posted on 2014-02-19
Last Modified: 2014-04-14
Hello,

I have a computer repair business and am having a lot of issues with infected computers that are brought in for service. We need to put them on the network in order for us to remove infections and clean them up. The problem is that I am getting blacklisted, which is causing my Exchange server to not be able to send email. I am also getting reports that there are Trojans on my network. Well, there are indeed infected machines on my network that are being cleaned up. Our environment is a handful of fileservers, a domain controller, an Exchange server, and cloud backup servers. We currently are using Verizon FiOS and the router they provide. We have 2 24-port gigabit switches as well. 1 static Verizon IP. What would be the most cost-effective way for us to separate the network so we have our domain computers on 1 network and the infected ones here for repair on another? Again, the infected machines also need internet access.

Thanks,
John
Question by:jands
7 Comments
 
LVL 1

Accepted Solution

by:
ldrose537 earned 500 total points
I have two primary recommendations:

1) Keep infected workstations off the network while doing initial cleanup. Find some cleanup tools that you can copy onto a CD, and run them initially - get the machine as clean as possible first. I understand that some of the more prominent virus removal tools are "online," but connecting an infected machine to a production network is not good practice.

2) Look into creating a second firewalled VLAN - requiring modification on the router and one of the switches; this will be a little involved, and if you don't take care of point one, you will still possibly run into the same issue of being blacklisted.
0
 
LVL 11

Expert Comment

by:BillBondo
I agree with ldrose537. Many programs are available for cleaning the computer offline, as well as slaving the drive to a machine for online programs.
0
 

Author Comment

by:jands
I cannot agree more and this is why I'm doing something about it, guys. Just looking for some advice.
0
 
LVL 53

Expert Comment

by:McKnife
I would also recommend not to network those but use Windows 8 "To Go" [USB stick installation of Win8 Enterprise (trial)] for cleaning operations.
0
 
LVL 1

Expert Comment

by:ldrose537
John,

Here is a link to some possible options for cleanup:

http://www.techrepublic.com/blog/five-apps/five-portable-antivirus-and-antimalware-tools-to-carry-with-you-at-all-times/

Otherwise, check around for bootable scanning tools. They are out there. You might have to dig around for a solution or solutions that work best with the varied systems you encounter.

Linda
0
 
LVL 1

Expert Comment

by:ldrose537
Regarding VLAN

You said: "We currently are using Verizon FiOS and the router they provide."

They should be able to answer questions regarding setting up a Virtual LAN (VLAN), whether it is possible with their equipment, and what it would take.

An additional thought: Keep in mind that with the "1 static Verizon IP" all internal traffic, regardless of the VLAN configuration, will be routed outside that IP, and that IP will be flagged/blacklisted with any continuing issues. So if you really want to isolate your production network from the potentially infected machines, you might want to contact Verizon and ask about getting an additional static IP (it may turn out to be a total of 5, depends on how Verizon does this).

Regardless, you'll want to talk to your provider and explain what you are trying to do, as it is a more involved setup. They should be able to help.

Linda
0
 
LVL 26

Expert Comment

by:skullnobrains
if you have 1 static IP, you probably have a NAT router that can do some firewalling. tell us what you have, you probably don't have to add anything else. if you don't have any usable network equipment, you probably have an old spare machine that can act as a router and dhcp server. for a few machines and such a use, a pentium with 16Mb of ram would be enough.

either dedicate a switch or create a specific isolated vlan for the guest hosts, and then configure your existing equipment or spare machine to route them differently. we'll be able to help more once we know what you have at hand.

remember to
- NEVER allow outgoing port 25 for infected machines if you expect your own server not to be blacklisted and your ISP not to ditch you
- NEVER stick infected (or actually any foreign host) on your own network

also beware that using whatever cleanup tools, whether online or not, is probably inefficient. once a machine is strongly infected, formatting it is definitely a much more cost-effective way to remove malware (and even that is not always sufficient)
0
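
The spare-machine-as-router option and the two "NEVER" rules from the last comment, written out as an added example that is not part of the thread. It assumes the spare box runs Linux with nftables and is dedicated to this job; the function name, the interface names and the production subnet are placeholders, and bench hosts are assumed to get DHCP and DNS from the box itself.

```shell
#!/bin/sh
# Added example (not from the thread): emit an nftables ruleset for a spare
# Linux box that routes the repair-bench network. All names are placeholders.

# usage: quarantine_ruleset BENCH_IF WAN_IF PROD_NET > bench.nft && nft -c -f bench.nft
quarantine_ruleset() {
    bench_if=$1 wan_if=$2 prod_net=$3
    # Accept only plain interface names and an IPv4 CIDR, so nothing else
    # can end up inside the generated ruleset.
    for name in "$bench_if" "$wan_if"; do
        case $name in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $prod_net in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    cat <<EOF
flush ruleset
table inet bench {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # bench hosts never open connections to the production LAN
        iifname "$bench_if" ip daddr $prod_net drop
        # no outgoing port 25 from bench hosts; log each attempt
        iifname "$bench_if" tcp dport 25 log prefix "bench-smtp " drop
        # anything else from the bench may leave through the WAN side
        iifname "$bench_if" oifname "$wan_if" accept
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # bench hosts may only ask this box for DNS and DHCP
        iifname "$bench_if" udp dport { 53, 67 } accept
        iifname "$bench_if" tcp dport 53 accept
    }
}
table ip bench_nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$wan_if" masquerade
    }
}
EOF
}
```

The input chain drops everything else addressed to the box, so it has to be administered from its console. The "bench-smtp" log lines show which machine on the bench is trying to send mail.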
