Viruses spreading across small networks

By helpline
I have had several cases where a virus has inadvertently got into one PC on a network, e.g. the Antivirus XP 2009 trojan. Once in, it clearly opens up the PC to other malware, and then spreads to other PCs within the network; in a couple of cases the routers have also become infected.

Getting rid is not a problem; however, trying to curtail the spread is stumping me somewhat. I thought I could control via static IP addresses but I can't think of a good piece of software to control this aspect.

It doesn't appear to matter what antivirus the guys have, Norton, McAfee, Bullguard, AVG systems have all been successfully attacked.

Most of these "soho" systems rely on a standard AV out of the box and the Windows XP firewall, and the firewall built into the routers, typically Netgear dg834g/gt/pn/n or Linksys wag160n, various Belkin models, etc.

Any ideas of software that could block, let's say, one PC so that other PCs could block any comms from a particular PC within a system - e.g. a child using the same internet connection on his/her lappie, as say another PC used for business?

Suggestions would be welcome.


An often overlooked defense against malware is content restriction

by robo_dev In reply to Viruses spreading across ...

Anti-virus or anti-spyware are your last line of defense, your bullet-proof vest as it were. But any signature-based defense is vulnerable since it's purely a cat-and-mouse game to keep the most current signatures.

Other countermeasures that are just as important are:

1) content filtering proxy server: At a large firm, WebSense proxy does a very good job filtering both inappropriate content as well as malware-laden content (the two go hand-in-hand). For home and small business users, I've used a product called Rhinosoft AllegroSurf which does the same thing, but costs less.

For younger users, AllegroSurf can be set up to have a strict whitelist. With a whitelist you cannot get a virus or malware, assuming you only allow trusted sites on the whitelist.

2) Safe-browsing plugins: I use both LinkScanner Pro and Finjan Secure Browsing plugins on my PCs. You would be surprised how many virus/malware-infested websites you pick up off of Google. A browser plugin will alert you of these.

3) User education: you have to rap the knuckles of these people so that they never click on popup ads, fake virus warnings, etc.

4) Safer Browser/Email Client: It's not perfect, but Mozilla Firefox is more bulletproof than IE, in my experience. And Mozilla Thunderbird is much much more secure than Outlook Express when it comes to malware/virus vulnerabilities.

soho network internal filtering

by helpline In reply to An often overlooked defen ...

Robo - Many thanks for your constructive thoughts. I believe that you are in the same line of biz as I am; dealing with professional firms is so much easier in terms of resources and commitment to manage networks securely. Small soho networks suffer from users who have little or no knowledge (or interest) in managing these things till too late.

I have found that content filtering often is compromised or mismanaged by these same people. Further, switching them to Firefox is also something they are often uncomfortable with.

This is why it would be much easier to manage these networks much in the same way as Cisco provides (IOS) whereby we can restrict access between PCs on the same network by IP address using static IP addresses. The advantage would be that this is transparent to the user, and ensures that the kids' PC on the same network is "isolated".

Do you have any ideas on this front, or even soho routers that could give the same level of internal protection?

Stop them logging on with Admin rights to the PC

by The 'G-Man.' In reply to Viruses spreading across ...

& sandbox their browsers

securing PCs within a soho network

by helpline In reply to Stop them logging on with ...

Hi, thanks for your reply - unfortunately, unless I misunderstand you, defining admin rights on a PC itself won't help. As I said in my initial discussion item, the problem here is a soho network where there are several PCs, one of which may be used for business and another which is used for kids (fairly common on sole trader businesses).

The business computer has all the security on it and connects typically via a Linksys router (WAG169n) to the net. The kids ditto, but invariably these latest trojans come via the kids surfing the net, hijacked websites and the like. Once in on the kids' PC, it is inside, and passively manages to corrupt other PCs within the soho network.

So I don't believe that admin rights would help here.

I'm also not sure what you mean by sandbagging - I'm familiar with the term but not how you suggest it should be applied to IE7 etc?

In my posts I am looking for ideas where I can isolate a particular PC via static IP addresses and block anything on the other PCs via the static IP address - very similarly to the way that Cisco's IOS works, but in this case on less feature-rich routers.

So still open here for some suggestions that would help to isolate the risk that usually comes from the young and unwary?

Why not take the problem to an IT Consultant?

by The 'G-Man.' In reply to securing PCs within a soho ...

Oh, you are one, sorry.

What research have you done so far yourself that can help?

The answer is to set up some VLANs.
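
Why static IP addresses on one flat LAN do not isolate the kids' PC while VLANs do, modelled as an added example that is not part of any post in this thread. The host names, addresses, VLAN IDs and allow rules are constructed assumptions, and a stateful router is assumed so that only connection initiation is checked.

```python
import ipaddress

# Constructed SOHO layouts (assumption): host names, addresses and VLAN IDs
# are illustrative and do not come from the thread.
FLAT = {  # every PC on the router's built-in switch, one subnet
    "business-pc": ("192.168.0.10/24", 1),
    "kids-laptop": ("192.168.0.20/24", 1),
    "printer":     ("192.168.0.30/24", 1),
}
VLANS = {  # one VLAN and one subnet per trust level
    "business-pc": ("192.168.10.10/24", 10),
    "kids-laptop": ("192.168.20.20/24", 20),
    "printer":     ("192.168.30.30/24", 30),
}
# Inter-VLAN rules on the routing device: (source net, destination net) pairs
# that may initiate connections. Anything not listed is dropped.
ALLOW = [
    ("192.168.10.0/24", "192.168.30.0/24"),  # business PC may print
    ("192.168.20.0/24", "192.168.30.0/24"),  # kids' laptop may print
]

def verdict(layout, src, dst):
    """Say whether src can open a connection to dst, and who decides."""
    s_ip = ipaddress.ip_interface(layout[src][0]).ip
    d_ip = ipaddress.ip_interface(layout[dst][0]).ip
    if layout[src][1] == layout[dst][1]:
        # Same VLAN: the hosts share a broadcast domain, so frames can be
        # switched host to host without the router's IP filter seeing them,
        # whatever static addresses are set.
        return "direct-unfiltered"
    for s_net, d_net in ALLOW:
        if (s_ip in ipaddress.ip_network(s_net)
                and d_ip in ipaddress.ip_network(d_net)):
            return "routed-allowed"
    return "routed-denied"

def exposure(layout, victim):
    """Hosts that can initiate a connection to `victim` in this layout."""
    return sorted(h for h in layout
                  if h != victim and verdict(layout, h, victim) != "routed-denied")

if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("vlans", VLANS)):
        print(name, "hosts able to reach business-pc:",
              exposure(layout, "business-pc"))
```
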
