Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Quarantining


  • Please log in to reply
11 replies to this topic

#1 wwein

wwein

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 22 January 2010 - 10:41 PM

Hey guys

I'm a computer tech by trade and work from home. Customers bring me their computers, I fix them and give them back. Of course, occasionally I'll receive a computer with various malware infections. Unfortunately, these days all the best malware removal tools (adware, spybot, avg, etc) require online installation and updates. Between that, windows updates, and the convenience of downloading files directly to their computer, I frequently add them to my home network.

Being tech-happy, I have various folders on our menagerie of home computers shared, some with write-access, and others with sensitive information (client contact info etc). As I know malware likes to explore networks, I always take the precaution of disconnecting all our home computers from the network before connecting the customer's computer. This is getting old fast! I'm wondering if anyone knows a safe way to put a computer onto a network to allow it internet access but NOT file-sharing access. Bare in mind we're often dealing with badly infected computers (including nasty root-kits), which means turning off file sharing on the infected computer is not good enough.

My only idea at the moment is to password-protect shared folders, but I can see this being just as irritating as I'm constantly accessing files from different computers. My home computers run on XP, Vista and Win 7, and everything goes through the AT&T Uverse router.

All suggestions and options welcomed!

BC AdBot (Login to Remove)

 


#2 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:33 AM

Posted 22 January 2010 - 11:01 PM

As long as you do not set actually join the Network or make it part of the Network = same Workgroup name then you should have no cross infection risk.

Disable file and printer sharing on the infected machine. If you wish you can do that temporarily on the other PCs on the network as well.

Edited by ThunderZ, 23 January 2010 - 06:46 AM.


#3 wwein

wwein
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 06 February 2010 - 05:56 PM

Thanks for the reply. The problem with that suggestion is that I'm changing the settings on the infected computer, and its infection could override any changes to the settings I make. To be a working solution I have to be able to tell my computers on the network, or the router to ignore the infected computer. It's like putting infected people into a locked room and calling it a quarantine. If i leave the key on the inside of the door, the infected people can potentially unlock the door and infect us, or I could leave the key outside the door and tell no one to go in that room!

Any other suggestions anyone can think of, or can it not be done?

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:33 AM

Posted 06 February 2010 - 06:31 PM

Install Panda Vaccine on your main computer, so nothing from the outside world will autorun: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 wwein

wwein
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 08 February 2010 - 01:57 PM

Thanks for the suggestion Broni. It's a useful tool to have, and since I often use a USB flash drive to move files between computers it's a tool worth getting! However it doesn't solve my problem as it's only pertinent to portable media (USB/CD/DVD) and not networks.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:33 AM

Posted 08 February 2010 - 02:25 PM

No. When you vaccinate your computer, nothing from the outside world will autorun.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 wwein

wwein
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 08 February 2010 - 02:50 PM

Maybe the address is wrong? The tool you linked to is "Panda USB Vaccine - Antimalware and Vaccine for USB devices", which just prevents the Autorun file from being automatically executed when you put portable media in your computer. Write access to files across a network doesn't work through an autorun, it's basically the same as opening a file on your computing, changing it, and then saving it. My problem is the latter - the risk of malicious programs of a computers on the network overwriting my files.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:33 AM

Posted 08 February 2010 - 02:59 PM

You're right. I was wrong.
Other than what ThunderZ said already, I don't know, if anything else can be done.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 wwein

wwein
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 08 February 2010 - 03:11 PM

I wondered if there might be a way to do it through a second router. Ie to plus that second router to the AT&T router, and plug the infected computers into that second router. I can't think of a router that allows it, but there must be one that allows you to turn off file sharing there. If so, the infected computer couldn't change the router's settings, and my computers would (I think) safely share file access on the AT&T router.

It occurs to me that on large local networks (schools, businesses, hospitals etc) they must have closed networks that allow file sharing, but open networks for wireless access. Yes the probably mostly use usernames/passwords, but even that would be a fine option so long as there was a way to automatically sign in.

#10 Orecomm

Orecomm

  • Members
  • 261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseburg, Oregon
  • Local time:08:33 AM

Posted 15 February 2010 - 05:50 PM

A second router will get you there. To keep it simple, use a SOHO router with the WAN side connected to your home network and put the "victim" on the LAN side. Before you connect the router you need to change the LAN address to something OTHER THAN what you are using for your home network. Otherwise, chances are that your home net is on 192.168.1.x and so is the default inside address, and when you configure the same address on both sides of a router it tends to get a tad confused. Once the router is in place insert a firewall rule on the new router that DROPs (or blocks) all traffic to and from your home network range. The router will still route through, but the "Victim" should be unable to access, or be accessed by, anything on your home net. You will be double-NATting the victim connections, but that shouldn't be a problem for normal download activity. If you need specifics and have a model router you want to use let me know.

Several of the open source router firmwares will let you do this without the second router, using port VLANs, but the setup is more complex.

#11 TheyCallMeMrGlass

TheyCallMeMrGlass

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:33 PM

Posted 16 February 2010 - 08:06 AM

Sorry, I'm eavesdropping here but Wwein question is a great one and is of interest to me. And I have to say Orecomm's solution sounds brilliant. Perhaps a little expensive because you have to buy a new router but it sounds extremely secure and simple. I think Orecomm will soon become a master on this forum as he provided me with a great solution to a network conundrum I currently have.

Edited by TheyCallMeMrGlass, 16 February 2010 - 08:07 AM.

"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

#12 wwein

wwein
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 17 February 2010 - 07:47 PM

Thanks for the advice Orecomm. I've taken a leave from my work for a week or two for various family occasions, but will go ahead and get this problem fixed when I start working again. The theory of the idea had made sense to me, but I wasn't sure if router's would provide this functionality, so it's good to know some do. I tend to use netgear and linksys wireless routers and suspect I still have a couple somewhere in the house I'll need to dig up.

That solution should work for me, but if anyone has any alternatives I'm always interested in new solutions!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users