This Microsoft network has been hit by spyware and viruses and I am battling to keep it afloat. They are using MS 2003 Server R2 (backbone OS) as their main operating system and XP as their workstations. They do not have any policies on the desktop and they allow all of their users to go to any site that they want without restriction. The website was also hacked and is being hosted outside of their network. There are two subnets, one private and one for their clients. They are separated by only VLANs. They have one MS server that connects to both subnets. Here is a picture of the network:
T1/ISP Router                            DSL/Router
      |                                       |
      |                                       |
Cisco 2811 router                Dell Switch-----Dlink Switch----Dlink Switch
      |                                       |
      |                                       |
3com Switch/Dell Switch                       |  VLAN 10/192.168.5.0
      |                                       |
      |  VLAN 2/192.168.3.0                   |
      |                                       |
MS Backbone Servers--------MS Server---------------------Guests
      |
      |
     LAN
Their current issues are:
I have looked at the routers and there was a bandwidth mismatch that was causing issues, but they are still having drops via the internet.
The web browser constantly drops (HTTP, port 80). I believe the virus and/or spyware has something to do with this. They are using MicroTrend anti-virus and it is having trouble removing all of the garbage. In addition to the web browser, several Xerox multifunction centers that are connected to the LAN, where users scan documents which are then sent to the mail server so that they can be read via Outlook, keep dropping. There are random issues on this network. I have used Wireshark to look at the traffic and all I can get out of it is that I am able to view the traffic path, the protocols that are used and where the packets are dropping, mostly 80 and 8080. I have scanned the firewall using nmap and I can only see that they have 80 and 443 open to the public. I would like to implement Squid and filter for web sites. Also I would like to implement a firewall.
My questions are:
1 - What would be the best way, from looking at my diagram above, to secure this network, and could the spyware and viruses be the root of the issue for the internet dropping? I was told that it has been this way for a long time.
2 - Would Squid be an appropriate solution for a Windows-based network, and will it require a special configuration for this type of setup? Can someone also recommend a decent open-source web filter other than DansGuardian? I need something more robust.
3 - I need a network monitoring tool that is able to look at NetFlow traffic, with good mapping, and is just decent overall. I have looked at Zenoss. Any other recommendations?
4 - Would this be a decent approach for security:
T1/ISP Router                            DSL/Router
      |                                       |
      |                                       |
Cisco 2811 router                Dell Switch-----Dlink Switch----Dlink Switch
      |--------------------------DMZ-------------|
      |                                       |
3com Switch/Dell Switch                       |  VLAN 10/192.168.5.0
      |                                       |
      |  VLAN 2/192.168.3.0                   |
      |                                       |
MS Backbone Servers                        Guests
      |
      |
     LAN
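An added example, not from the original post, of a minimal Squid access policy for the two subnets in the diagram; it assumes /24 masks for 192.168.3.0 (VLAN 2) and 192.168.5.0 (VLAN 10), and a domain blocklist file at /etc/squid/blocked_sites.txt, neither of which the post specifies:

```squid
# squid.conf fragment (added example; the /24 masks and blocklist path are assumptions)
http_port 3128

# The two VLANs from the diagram
acl private_lan src 192.168.3.0/24      # VLAN 2, internal users and servers
acl guest_lan   src 192.168.5.0/24      # VLAN 10, client/guest subnet

# Destinations
acl private_dst dst 192.168.3.0/24      # internal subnet as a destination
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"   # one domain per line, e.g. .example.com

# Only let HTTP and HTTPS through the proxy
acl Safe_ports port 80 443
acl SSL_ports  port 443
acl CONNECT    method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Guests must never reach the private subnet through the proxy
http_access deny guest_lan private_dst

# Apply the web filter to everyone, then allow the two subnets and deny the rest
http_access deny blocked_sites
http_access allow private_lan
http_access allow guest_lan
http_access deny all

# Per-request log: a workstation that hammers the proxy or repeatedly hits
# blocked domains is a candidate for spyware cleanup
access_log /var/log/squid/access.log squid
```

The proxy only filters traffic that actually passes through it, so the firewall still has to block direct outbound 80, 443 and 8080 from both VLANs except from the Squid host itself.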