- Aug 25, 2001
- 56,587
- 10,225
- 126
I am just curious how PC techs segment their network, for working on PCs.
I had a friend's relative tell me about their friend that has an infected PC that needs a re-format.
But they also need things saved off of their PC.
I was going to boot a Linux LiveUSB, and then save their HDD contents to an external HDD.
Was thinking how much easier it might be to have it save off to a NAS, using something like a Macrium Reflect Free LiveUSB.
Either way, then I'll maybe have to pull out e-mails, which I'm not quite sure how to deal with, as I don't do that often. (Mostly SOHO customers, very few business-oriented customers.)
But my primary question, was one of network segementation.
My current network setup, is two incoming internet connections, a Comcast (15/2) and a FIOS gigabit connection. I have a secondary router connected to the Verizon router, an Asus AC68U-family router, that serves as my local LAN router and wifi. The Comcast connection, slow as it is, is connected to an AC1900 Gateway modem/router combo. Currently, I've got a wired connection from my Asus LAN router, to the Comcast Gateway, as a failover connection.
So I was thinking, what way would be safe to connect up potentially-infected PCs. I could string a LAN cable, from the Verizon router, or from the Comcast Gateway. Probably the Comcast gateway, as I wouldn't want a virus to have access to a wide-open Gigabit internet connection to spread it's mayhem.
The other possibility, that I haven't explored, is using an additional Asus router, one with the Trend Micro network A/V software running in the router, and use that as a sort of controlled "quarantine" segment of my LAN, connected to the Verizon router, in parallel with my LAN router, but not directly connected to it.
So, PC techs out there, how do you do it? Full-blown PFSense with L7 filtering, and a DMZ? Something with consumer routers? Or just nuke-and-pave, and never let an infected machine online in the first place?
I had a friend's relative tell me about their friend that has an infected PC that needs a re-format.
But they also need things saved off of their PC.
I was going to boot a Linux LiveUSB, and then save their HDD contents to an external HDD.
Was thinking how much easier it might be to have it save off to a NAS, using something like a Macrium Reflect Free LiveUSB.
Either way, then I'll maybe have to pull out e-mails, which I'm not quite sure how to deal with, as I don't do that often. (Mostly SOHO customers, very few business-oriented customers.)
But my primary question, was one of network segementation.
My current network setup, is two incoming internet connections, a Comcast (15/2) and a FIOS gigabit connection. I have a secondary router connected to the Verizon router, an Asus AC68U-family router, that serves as my local LAN router and wifi. The Comcast connection, slow as it is, is connected to an AC1900 Gateway modem/router combo. Currently, I've got a wired connection from my Asus LAN router, to the Comcast Gateway, as a failover connection.
So I was thinking, what way would be safe to connect up potentially-infected PCs. I could string a LAN cable, from the Verizon router, or from the Comcast Gateway. Probably the Comcast gateway, as I wouldn't want a virus to have access to a wide-open Gigabit internet connection to spread it's mayhem.
The other possibility, that I haven't explored, is using an additional Asus router, one with the Trend Micro network A/V software running in the router, and use that as a sort of controlled "quarantine" segment of my LAN, connected to the Verizon router, in parallel with my LAN router, but not directly connected to it.
So, PC techs out there, how do you do it? Full-blown PFSense with L7 filtering, and a DMZ? Something with consumer routers? Or just nuke-and-pave, and never let an infected machine online in the first place?
Facebook
Twitter