Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Viruses crossing different LAN workgroups - how likely ?

Status
Not open for further replies.
ghost123uk

ghost123uk

Technical User
Oct 31, 2002
57
GB
How dangerous is it to put a PC (running XP) that is suspected to have a virus, perhaps even a rootkit type, onto my LAN network when my network workgroup is called "fred" and the suspect PC's workgroup is called "alice" ?

Note I would check that netbui is not enabled, as I know this protocol can traverse workgroups.
Also no workgroup "bridges" exist.

btw - I ask as my router does not offer a DMZ and I often need to use facilities such as Trend Micro's "Housecall" (which I find very useful, even if just to identify a
problem)

Bearing in mind I will not always be 100% sure that a customers PC I wish to get on line has not got an infection of some sort, what is a good plan to protect the 5 PC's on my LAN ? ( All my PC's have AVG or AVG pro and my main PC has Zone Alarm ) Thanks for any tips John in the N.W. UK

JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
 
Sort by date Sort by votes
I would never introduce a PC into my network that was suspected to have a virus. I would clean any virus before putting it on the network. Better to be safe.

Jim W MCSE CCNA
Network Manager
 
Upvote 0 Downvote

Thanks Jim for your reply.

We do our best to check / clean up a machine before putting it on the LAN.

The problem is that even with up to date scans using the AVG boot CD or whatever, one can never be sure that a rootkit or something that hasn't been picked up isn't lurking in there ( we have seen this a good few times )

I am just looking for as near to a "fail safe" solution as possible.

Any further tips will be gratefully received :)

JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
 
Upvote 0 Downvote
It sounds like to me your best bet, if you can do it, is to set up a seperate VLAN to plug these computers into. If you don't provide a route between VLAN's, I think you should be safe.

Dan
 
Upvote 0 Downvote
vlans are not a security feature as so many vendors claim they are. It is quite easy to jump vlans.

jfwebber is 100% correct. Never introduce a suspect system onto your network.

Gb0mb

........99.9% User Error........
 
Upvote 0 Downvote
Chers for the heads up on that one Gb0mb

My problem is you can never be sure whether a guest pc is 100% clean of a lurking rootkits etc these days. I find that Trend Micros "Housecall" is very good at illustrating a problem even if it cannot always fix it ! (hence my requirement to get the suspect PC on the LAN)

I use the new AVG "PE" A/V and A/S disk, updated from a "that use only" memory stick.

I often scan the HDD of the "guest pc" on a stand alone PC, with the usual suspects, ie AVG, AdAware, Spybot S&D, etc. This "workhouse PC" is re-imaged using a Ghost backup when I feel the need.

We also keep a couple of backups of our main PC, ie yesterday and a fortnight ago (ish)

I have also just recently disabled the "simple file sharing" on all machines on our LAN and set up sharing with security permissions etc that require each workstation to have an account, to access shares, and use strong passwords. ( I wonder how much good this does ? )

I only asked really as I was hoping someone might suggest a way of keeping one input to my ADSL router that was "Internet only" with no access to our LAN ? ( just as a belt and braces approach !! )

Perhaps I should stick with going around the home / home office/workshop and turn the other PC's off !!

JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
 
Upvote 0 Downvote
File sharing is only part of the problem. You'll also need to make sure that the computers are firewalled- a problem if they do actually share files among themselves.

You can try setting up a second broadband router behind the existing one. Put your LAN PCs on it and plug the suspect system into the outside router.
 
Upvote 0 Downvote
What type of router do you have? It my be possible to put the infected machine in another subnet and turn off ip routing on the router so the two subnets cannot communicate and then you will have your web access for the suspect system.

Also I was wondering if you could download what you need and just burn it to disk and sneaker net it to the suspect system?



Gb0mb

........99.9% User Error........
 
Upvote 0 Downvote
Suspected machines get a new hardrive and fresh install before ever going back on the network here.
 
Upvote 0 Downvote
25 Jun 07 14:02 lhuegele Wrote =
"Suspected machines get a new hardrive and fresh install before ever going back on the network here".

Fair enough if you need that level of security, but surely an approved disk wiping (Symantics "Disk Wipe" or Ontracks version etc) program would take care of any concerns about residuals ?

JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
 
Upvote 0 Downvote
29 Jun 07 ghost123 Wrote =

"Fair enough if you need that level of security, but surely an approved disk wiping (Symantics "Disk Wipe" or Ontracks version etc) program would take care of any concerns about residuals?"

Of course, but we are required to do forensics on any infected machines, so our Security Operations group takes the hard drives, while we get the user back up and running as quickly as possible. After SecOps is done they put the drives back into the mix where it can go into another machine later.
 
Upvote 0 Downvote

@ lhuegele OK that explains that one :)

However

@ gb0mb - We have used Dban in the past but we stopped using it when we found it does not wipe the hidden sector zero's on a hard drive.

For instance, to prove it, try putting a big drive in a PII who's BIOS does not support a big drive and use Ontracks disk manager program to fake the cylinders heads and sectors so it will see the full drive (you then get the blue "Ontrack disk manager" logo on boot up) - Now try and wipe the entire drive with Dban. - Now re-boot and you will still get the "Ontrack disk manager" logo !!

Quite alot of stuff can be put into those hidden sectors, even viruses, so we went back to using Nortons "Disk Wipe".

JB - N.W. - UK....
If at first you don't succeed, keep at it until you can't even think straight !
 
Upvote 0 Downvote
Never knew that. I will have to check it out.

hanks for the heads up.



Gb0mb

........99.9% User Error........
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nakbrooks
  • Locked
  • Question
Configuring NAT on SonicWall TZ210 to access ADSL router from LAN
Replies
0
Views
114
nakbrooks
nakbrooks
ITGuyLA
  • Locked
  • Question
need help with group policy standardization at different branches
Replies
2
Views
55
chanakya
chanakya
GKChesterton
  • Locked
  • Question
LAN, Internet filtering, 'walk-away' firewall solution
Replies
1
Views
58
pansophic
pansophic
Kativs
  • Locked
  • Question
Duplicate shared folders - Why? And how do I fix?
Replies
2
Views
110
Kativs
Kativs
Tony414
  • Locked
  • Question
Block lan access?
Replies
8
Views
59
Tony414
Tony414

Part and Inventory Search

Sponsor

Back
Top