What to do with a 'wild' network?


  • What to do with a 'wild' network?

    I'm in a situation where I have to help deal with a number of mixed client networks that are totally 'wild' in that they have not been managed or maintained--ever. (These clients are all located on isolated networks that have never been exposed to the Internet.) The clients are a mixture of practically everything under the sun that is Windows related: 95, 98, ME, 2000 Pro, XP Home, XP Pro, Vista Home, and Vista Pro. Of course, none of these machines have been patched in years. In addition, at this time we have no idea what software is installed on any of the computers, and are anticipating that there will be a lot of pirated software. Some clients may also be infected with malware. We will be introducing a new domain controller, will be replacing all non-domain compatible clients (i.e. non-pro Windows computers), and joining all the remaining clients to the domain (which means that we will be forced into managing 2000, XP, and Vista for the time being). We will also be deploying anti-virus software to all clients.

    My general question is: what is the best way to get all these clients under control? My more specific questions are: what is the best way to get all these clients up to date patch-wise? Turn on automatic updates until all clients are current, then resume a normal test/patch schedule? How can we verify what software is installed on what client and whether or not the software is legitimate? What other things should we be on the lookout for?
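
Added example (not part of any post in this thread): for the opening post's question about verifying what software is installed on which client, one way to collect an inventory from an admin workstation before any rebuild. It assumes PowerShell 2.0 or later on the admin machine, an administrative account on the targets, and the Remote Registry service reachable on them; the host names and approved-title patterns are constructed placeholders.

```powershell
# Added example: inventory installed software over Remote Registry.
# Host names and the approved-title list are constructed placeholders.
$computers = @('CLIENT01', 'CLIENT02')
$approved  = @('Microsoft Office*', 'Adobe Reader*')

# Per-machine uninstall entries; the second path exists only on 64-bit Windows.
$uninstallPaths = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledSoftware {
    param([string]$ComputerName)
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    try {
        foreach ($path in $uninstallPaths) {
            $root = $hklm.OpenSubKey($path)
            if ($null -eq $root) { continue }   # path absent on this host
            foreach ($name in $root.GetSubKeyNames()) {
                $key = $root.OpenSubKey($name)
                $display = $key.GetValue('DisplayName')
                if ($display) {                 # skip entries with no title
                    New-Object PSObject -Property @{
                        Computer  = $ComputerName
                        Name      = $display
                        Version   = $key.GetValue('DisplayVersion')
                        Publisher = $key.GetValue('Publisher')
                    }
                }
                $key.Close()
            }
            $root.Close()
        }
    } finally { $hklm.Close() }
}

# Unreachable or access-denied hosts are reported and skipped, not fatal.
$inventory = foreach ($c in $computers) {
    try { Get-InstalledSoftware -ComputerName $c }
    catch { Write-Warning "$c skipped: $($_.Exception.Message)" }
}

# Approved = title matches a pattern on the list. This only narrows what to
# check against licence records; it does not prove a copy is legitimate.
$inventory |
    Select-Object Computer, Name, Version, Publisher,
        @{ Name = 'Approved'; Expression = {
            $n = $_.Name; [bool]($approved | Where-Object { $n -like $_ }) } } |
    Sort-Object Computer, Name |
    Export-Csv -Path inventory.csv -NoTypeInformation
```

The resulting CSV lists every title per machine with an Approved column, which gives a working list for licence purchases and for deciding what must be reinstalled after a format.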

  • #2
    Re: What to do with a 'wild' network?

    Been there, done that, can't find a tee-shirt large enough to fit.
    3 branch offices with totally rogue systems -- server (unlicensed) being used for bit-torrent, don't even THINK about OS licenses, "what's AV software", all users as server admins, everyone knows everyone else's password.
    After firing the network admin (very dodgy videos on the server on top of everything else), I sorted it out.

    IMHO, do a format and reinstall on each (after recovering data).
    Yes, it's slow, but it puts you in a "known good" status and guarantees no virus or unlicensed software issues.
    Last edited by Ossian; 12th December 2008, 08:56.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: What to do with a 'wild' network?

      Moved to Misc forum as a more appropriate location than AD
      Will move again depending on the way this thread develops
      Tom Jones


      • #4
        Re: What to do with a 'wild' network?

        Format re-install from me too.
        No other safe way I'm afraid. Plus it is a great starting point, not many people get to do it that way.
        cheers
        Andy

        Quis custodiet ipsos custodes?



        • #5
          Re: What to do with a 'wild' network?

          When my supervisor started at this company he faced the same problem. Every machine ran a pirated copy of Windows 98 - same at sister company. SC had a single licence of Office 2000 that was installed on every computer here and there. Every computer ran pirated CAD packages etc. There was also no domain.

          In the UK, the penalty is 2000 per seat per product. Microsoft Office counts as multiple products - Office Basic comprises Word, Excel and Outlook, so a pirated installation of Office Basic would bring a 6000 fine.

          My boss explained to management exactly what it would cost them if they were caught, and they instantly agreed something had to be done. All of the computers were replaced - it was more cost effective to get an up to date model, with a legal OEM Windows licence, than it was to buy retail licences for the existing machines. All of the software in use was purchased and a domain controller was installed.

          Make sure you have a clearly set out written policy. It took 4 months for our company to become compliant once my boss started. Because we had a written policy that we adhered to, that set out our expected progress and gave a completion date for when we would be fully compliant, we were therefore legally considered to be compliant.

          In short: the process of becoming compliant is seen as compliance in the UK, IF you can provide suitable supporting evidence.

          The only sure way to rid a machine of malware is to format and reinstall - which you'll be doing anyway if the operating systems aren't licenced.

          Make sure you also lock down employee access so that they can't install software, and more importantly get a company policy approved specifically forbidding it. That way if anybody does install something you don't have licences for, you can fire them without hassle, and it provides some measure of protection for the company.
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



          • #6
            Re: What to do with a 'wild' network?

            Hmmm, where would I start;

            First, create a (new) domain in a separate VLAN.
            Make sure none of your current clients are able to access the servers.

            If possible go for W2k8 and implement NAP and implement IPsec policies or 802.1x.
            Make sure that every non manageable client cannot access those servers via the NAP policies.
            Also NAP only works with Windows XP sp3 or Vista so you need to choose what OS you will later implement.

            Client side:
            First run a virus scanner on every client and, when clean, save the data to one of the servers in your new domain.
            Next, reinstall every client with a licensed OS version.
            Make them domain members and you can start managing your first machine.
            The access can be controlled through NAP, so if he removes the virus scanner (if you give him that permission) NAP will see that and make sure it cannot access the servers until it's compliant again.
            However you need to have remediation servers for that. So you have to plan that option quite carefully.
            I don't know how many clients you have but you might consider buying some new sneakers :P
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"



            • #7
              Re: What to do with a 'wild' network?

              That's funny--I'm thinking to myself "jeez, this situation is a goddamn nightmare," while you all are yawning quietly to yourselves and saying something to the effect of "been there, done that." Well, at least I know that I'm not all alone in this matter.

              IMHO, do a format and reinstall on each (after recovering data)
              Yes, it's slow, but it puts you in a "known good" status and guarantees no virus or unlicensed software issues
              Yes, a fresh start seems like the best way to go. There really is no other way around it given all the unknowns, is there? I just wish that the "manager" supposedly in charge of all this IT infrastructure would have actually managed things instead of going to the pachinko parlor every day, or whatever the hell he was doing.

              If possible go for W2k8 and implement NAP and implement IPsec policies or 802.1x. Make sure that every non manageable client cannot access those servers via the NAP policies. Also NAP only works with Windows XP sp3 or Vista so you need to choose what OS you will later implement.
              We already have too much invested in W2k3 so unfortunately upgrading to W2k8 is just not possible right now. We will be using IPSec to limit remote desktop access to the servers (is there anything else we should be using IPSec for?). For a time we will be forced to offer services to non-domain clients so we can't really clamp down too hard.

              Make sure you have a clearly set out written policy. It took 4 months for our company to become compliant once my boss started.
              All the various isolated networks are all going to be connected via a Gig-E backbone this month so we are having to write policy as we implement. I'm just hoping this all doesn't turn into as big of a mess as it potentially could...

              I don't know how many clients you have but you might consider buying some new sneakers :P
              ...yes it is going to take a lot of walking (and flying and driving) to clean up this mess...



              • #8
                Re: What to do with a 'wild' network?

                Originally posted by grittyminder
                ...yes it is going to take a lot of walking (and flying and driving) to clean up this mess...
                Make sure you INSIST on business class, and get to keep the frequent flier miles

                Seriously, it's not that big a deal as long as you plan properly and document what you do
                Tom Jones


                • #9
                  Re: What to do with a 'wild' network?

                  Originally posted by grittyminder
                  That's funny--I'm thinking to myself "jeez, this situation is a goddamn nightmare," while you all are yawning quietly to yourselves and saying something to the effect of "been there, done that." Well, at least I know that I'm not all alone in this matter
                  Your biggest challenge will be management, especially given the financial situation. Show them how much the fines for piracy would be, and suddenly they're more open to suggestions
                  Gareth Howells

                  BSc (Hons), MBCS, MCP, MCDST, ICCE

                  Any advice is given in good faith and without warranty.

                  Please give reputation points if somebody has helped you.

                  "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                  "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                  Comment


                  • #10
                    Re: What to do with a 'wild' network?

                    Well don't see it as a mess but rather as a challenge.
                    How many clients are you talking about?
                    Maybe it's an idea to start using things like thin clients.

                    You have such a great opportunity... Enjoy it
                    Marcel