In this first installment of RichM's journal of his daunting new job, he tackles dirt, warez, nmap and a dubious decision by the previous admin.

RichM Takes the Field

Don

all you showed was the Class C, can we assume thats all the computers you have?

I did show a Class C, however that may not necessarily be the case

are  you running Active Directory?

We are running AD, sadly it is in mixed mode while we show the dinosaur severs the door, should be fully integrated within the next few months.  I am EXTREMELY eager to lock the servers down using group policy

 I know you probably have to be a bit vague about the network setup but can you say what OS's you are dealing with? 2k, XP, 2k Server, 2k3 Server?

I am vague with something things (network class for example) so I can be detailed with other things.  We are running Windows Server 2003 R2, and Exchange 2003 (of course there are those NT boxes which are being phased out)

You may want to consider creating a baseline OS (master disk, whatever you want to call it) and image all of the machines on your network.

Chris, you read my mind   I am not willing to concede my network to someone else's effort (or lack there of) I am planning on creating a "golden image", which is locked down, free of unnecessary services, and uses efficient software as opposed to bloatware ex. foxit http://www.foxitsoftware.com/downloads/

  its a significant amount of work at first but will save you time later because you'll know that all your machines on your network have the same configuration and when/if a machine is compromised its easy to get that box up an running.

I couldn't have said it any better myself, there is a tremendous amount of piece of mind that comes with all that work

I can help you with that if thats something you want to take on.

I have read your posts in the past, and am thrilled that you have taken interest in my column. I am open to any and all suggestions, this task is somewhat overwhelming and I think that this column and everyone's feedback will help to give it focus.

I feel your pain RichM as I have been there too. I found that if the network is not too large you should try not to use DHCP. With DHCP users feel its ok to bring in there personal laptops and that’s when the viruses and Trojans join the network. I also found running ethereal (wireshark) for a baseline is a very good idea. A lot of networks I have had to clean up had crazy network traffic running wild and it's a good idea to understand where you started and where you are later in the game. One of the networks I fixed about 5 years ago was on a single T-1 with about 20 clients. The complaint was slow speed.... Well after removing about 4 hubs daisy chained and installing anti-virus on all the computers I also found that I need to see all the traffic on the network to see where the bottle neck was. I was able with a packet sniffer to see 5 client computers where listening to internet radio and a lot of others where running p2p network software. I ended up having to work with the owner or the business to explain what was good for the network and what had to go. Finley I got them thin-clients and since then they where able to down grade the full T-1 to a fractional T-1 because on the new clean network they where not using all the bandwidth. It just goes to show you that a clean network can & dose cost less to maintain and run than an un-maintained mess of a network. I wish you good luck and keep the story going.

Slimjim100

with group policy on 2003 server you can lock down the boxes pretty well.  that should help you out a bit if you have users that are doing things they shouldnt on the network.