Solved

Separate Networks

Posted on 2014-02-19
Last Modified: 2014-04-14
Hello,

I have a computer repair business and am having a lot of issues with infected computers that are brought in for service. We need to put them on the network in order for us to remove infections and clean them up. The problem is that I am getting blacklisted which is causing my Exchange server to not be able to send email. I am also getting reports that there are Trojans on my network. Well there are indeed infected machines on my network that are being cleaned up. Our environment is a handful of fileservers, domain controller, Exchange server, cloud backup servers. We currently are using Verizon fios and their router they provide. We have 2 24 port gigabit switches as well. 1 static Verizon IP. What would be the most cost effective way for us to separate the network so we have our domain computers on 1 network and the infected ones here for repair on another? Again, the infected machines also need internet access?

Thanks,
John
Question by:jands
7 Comments
 
LVL 1

Accepted Solution

by:
ldrose537 earned 500 total points
ID: 39870371
I have two primary recommendations:

1) keep infected workstations off the network while doing initial cleanup. Find some cleanup tools that you can copy onto a CD, and run them initially - get the machine as clean as possible first. I understand that some of the more prominent virus removal tools are "online," but connecting an infected machine to a production network is not good practice.

2) look into creating a second firewalled VLAN - requiring modification on the router and one of the switches; this will be a little involved, and if you don't take care of point one, you will still possibly run into the same issue of being blacklisted.
0
 
LVL 11

Expert Comment

by:BillBondo
ID: 39870531
I agree with ldrose537. Many programs are available for cleaning the computer offline, as well as slaving the drive to a machine for online programs.
0
 

Author Comment

by:jands
ID: 39870587
I cannot agree more and this is why I'm doing something about it guys. Just looking for some advice.
0

 
LVL 53

Expert Comment

by:McKnife
ID: 39870592
I would also recommend not to network those but use Windows 8 "To Go" [USB stick installation of Win8 Enterprise (trial)] for cleaning operations.
0
 
LVL 1

Expert Comment

by:ldrose537
ID: 39870662
John,

Here is a link to some possible options for cleanup:

http://www.techrepublic.com/blog/five-apps/five-portable-antivirus-and-antimalware-tools-to-carry-with-you-at-all-times/

Otherwise, check around for bootable scanning tools. They are out there. You might have to dig around for a solution or solutions that work best with the varied systems you encounter.

Linda
0
 
LVL 1

Expert Comment

by:ldrose537
ID: 39870841
Regarding VLAN

You said: "We currently are using Verizon fios and their router they provide."

They should be able to answer questions regarding setting up a Virtual LAN (VLAN), whether it is possible with their equipment, and what it would take.

An additional thought: Keep in mind that with the "1 static Verizon IP" all internal traffic, regardless of the VLAN configuration, will be routed outside that IP, and that IP will be flagged/blacklisted with any continuing issues. So if you really want to isolate your production network from the potentially infected machines, you might want to contact Verizon and ask about getting an additional static IP (it may turn out to be a total of 5, depends on how Verizon does this).

Regardless, you'll want to talk to your provider and explain what you are trying to do, as it is a more involved setup. They should be able to help.

Linda
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39931452
if you have 1 static IP, you probably have a NAT router that can do some firewalling. tell us what you have, you probably don't have to add anything else. if you don't have any usable network equipment, you probably have an old spare machine that can act as a router and dhcp server. for a few machines and such a use, a pentium with 16Mb of ram would be enough.

either dedicate a switch or create a specific isolated vlan for the guest hosts, and then configure your existing equipment or spare machine to route them differently. we'll be able to help more once we know what you have at hand.

remember to
- NEVER allow outgoing port 25 for infected machines if you expect your own server not to be blacklisted and your ISP not to ditch you
- NEVER stick infected (or actually any foreign host) on your own network

also beware that using whatever cleanup tools, whether online or not, is probably inefficient. once a machine is strongly infected, formatting it is definitely a much more cost-effective way to remove malware (and even that is not always sufficient)
0
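
The spare-machine router described in the last comment, sketched as an nftables ruleset; this is an added example, not configuration posted by anyone in the thread. It assumes a Linux box with two interfaces, hypothetically named `uplink0` (plugged into the office LAN behind the Verizon router) and `bench0` (a dedicated switch or VLAN for machines under repair, 192.168.50.0/24), with a DHCP server running on the box itself.

```nftables
#!/usr/sbin/nft -f
# Added example: quarantine router for a repair bench.
# Assumed names: uplink0, bench0, 192.168.50.0/24 (all hypothetical).
flush ruleset

define UPLINK  = "uplink0"
define BENCH   = "bench0"
define PRIVATE = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Bench hosts may only ask this box for a DHCP lease.
        iifname $BENCH udp dport 67 accept
        # Administration from the office side only.
        iifname $UPLINK tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept

        # Never let bench hosts send mail out: this is what gets the
        # shared static IP blacklisted. Log a sample, count and drop all.
        iifname $BENCH tcp dport 25 limit rate 6/minute log prefix "bench-smtp: "
        iifname $BENCH tcp dport 25 counter drop

        # Never let bench hosts reach the office LAN, the ISP router's
        # admin interface, or any other private range.
        iifname $BENCH ip daddr $PRIVATE counter drop

        # What cleanup tools need: DNS and web, towards the Internet only.
        iifname $BENCH oifname $UPLINK udp dport 53 accept
        iifname $BENCH oifname $UPLINK tcp dport { 53, 80, 443 } accept
        # Everything else from the bench falls through to policy drop.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Hide the bench subnet behind the box's office-side address.
        oifname $UPLINK masquerade
    }
}
```

Load it with `nft -f` after enabling `net.ipv4.ip_forward`; the DHCP server on `bench0` should hand out a public resolver, since the private-range rule blocks any resolver on the office LAN.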

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cannot send E-mails to one company 15 60
Destination host unreachable 12 67
Remote Desktop Certificates 6 44
Power Shell to copy folders and files 2 31
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now