Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Vegetablepin on August 12, 2016, 10:37:09 PM



Title: Network with compromised machine
Post by: Vegetablepin on August 12, 2016, 10:37:09 PM
Best way to isolate a clean machine on a network with compromised ones?


Title: Re: Network with compromised machine
Post by: unamis76 on August 13, 2016, 04:25:44 PM
Disconnect it from the network immediately. Clean the compromised machines.

If these aren't feasible solutions, install a firewall and an antivirus...


Title: Re: Network with compromised machine
Post by: ColderThanIce on August 13, 2016, 06:08:49 PM
As unamis76 mentioned, your first step should be to disconnect that device from your network, as well as any other connections to other devices. Instead of cleaning the infected computer, I'd recommend backing up important data using a bootable OS (Ubuntu, for example), then completely wiping the drives in the machine, and finally reinstalling the operating system. That should ensure the machine is no longer infected (as long as the virus doesn't lie within the motherboard's BIOS).


Title: Re: Network with compromised machine
Post by: Vegetablepin on August 13, 2016, 07:39:48 PM
> (as long as the virus doesn't lie within the motherboard's BIOS).

Any examples of this?

What are the vectors from a compromised machine on a network? Can running an OS within an OS, or something of that nature, protect from these?


Title: Re: Network with compromised machine
Post by: cr1776 on August 13, 2016, 09:25:15 PM
> > (as long as the virus doesn't lie within the motherboard's BIOS).
>
> Any examples of this?
>
> What are the vectors from a compromised machine on a network? Can running an OS within an OS, or something of that nature, protect from these?

If you google bios virus, you'll see examples:
e.g. http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html