my business network keeps getting hacked, need help inside.

Killjoy, great writeup!! Wonderful information. Very thought out. You should take a bow. I use OpenWRT on my Linksys routers and have had no issues. Plus you get some great features. I always thought Zyxel was a lower end brand. If you discovered the source of the hack that is the biggest issue. I didn't realize TeamViewer had so many issues. I will delete it also. It is just an easy way to get onto my office computer from home which is likely why it is so popular.
 
I'd buy a cheap firewall like a Palo Alto PA200 or a Cisco ASA5505... or even a Juniper SRX. They're pretty much junk firewalls as far as I'm concerned but they're fine for a small business. The PA200 is more suitable for people that don't understand how to networker let alone serverer or computerer.

You can then use OpenVPN or AnyConnect (if you buy the Cisco and a license) to set up a VPN session to access your crap remotely, then just terminal servers/RDS/RDP to get to your stuff.

I'd rather expose vanilla RDS on a 2012R2 box to the internet than deal with TeamViewer, VNC, etc.

Most of the consumer-grade wireless routers are fairly insecure. I've settled on Asus RT-AC66 and RT-AC68 for most stuff that isn't work.
 
Thank you for all the help, there is a lot of really good information for me here.

Patrick and I talked (LT1Pat) and we came to the conclusion that my TeamViewer ID and username got compromised (most likely phished) and that was their way to get into the network, since I used the same login and password for a few different accounts.

All the router settings were not changed because I had a unique password so they could not log in, and it doesn't appear that anything else on the network was compromised.



any recommendations on new equipment?

At the very least, I'd look for a good firewall. Personally, I have a Fortigate Fortinet 60B which would be good for a small business. With that between your router (the firewall can act as a router for your inner-network traffic) and your switch (the firewall also allows for 6 devices connected to it in its default setup, allowing it to act as a switch) you should be fairly safe. Now, the 60B is no longer supported so you may want to find a newer version if you want the support and features such as anti-virus, data loss prevention and other features of that nature. The unit out of the box, unlicensed/supported, will still offer great firewall functionality.

TeamViewer, while easy to use and manage a group of devices, creates too many holes to use at a business level. The Fortinets (and most other firewalls) have a VPN client that you can load onto your personal computer and VPN into your work network to get to whatever you may want. It's far more secure than TeamViewer and easily logged on the firewall too!
 
I have this guy on the way, 1000mW of output power, should work well. It's only 2.4GHz, but there are only 3 other networks that pop up when I scan the airwaves. My DLink DIR-825's only put out about 70mW, so this one will have a far stronger signal. I'm on the fence as far as using RouterOS or OpenWRT. RouterOS is way more feature rich, but I do love OpenWRT. This is a demo of the web GUI for RouterOS: http://demo2.mt.lv/webfig/

 
MikroTik and Ubiquiti are very good alternatives to brands like Cisco and Juniper. This is a really nice router, everything is fully configurable, and one can even use OpenWRT if they are so inclined to install it. 1000mW of output power on the wifi means you will have very, very good coverage. http://www.amazon.com/gp/product/B0...rue&ref_=ox_sc_act_title_1&smid=AWXBONHVNQ00F

I'd buy a cheap firewall like a Palo Alto PA200 or a Cisco ASA5505... or even a Juniper SRX.

I have a Fortigate Fortinet 60B which would be good for a small business.

If you're looking for a little better firewall than what you have, I have a Sonicwall TZ 210 I don't use anymore that I would sell cheap.

I have that Cisco firewall here :) I am sure I can make a deal on it.

Cisco ASA 5510 Adaptive Security Appliance ASA5510 V06 68-2618-04 COMN510CRA K9


Darko - I personally wouldn't go too overboard on upgrading the router/firewall. If you can get OpenWRT installed on your existing Linksys router, I think that'd be fine for your needs. You'd need to get OpenWRT firmware flashed, plus OpenVPN configured (preferably with Google Authenticator or some other 2FA, very strong password if not). And it wouldn't hurt to enable syslog so that all logs from OpenWRT are sent & archived to another PC on the work network. With that setup, then you just need the OpenVPN (or other) IPsec client on your remote machines to access the work network... then RDP or whatever once connected. Just make sure to dump TV.

I normally work with the enterprise-class stuff, so Cisco, Juniper, Checkpoint, F5, HP TippingPoint, etc. But all of these are going to be way too much $, and require too much expertise & time to get set up. I'm familiar with the names listed above as all being reputable, but I've never used them personally. I'd also add WatchGuard Firebox as another contender, as well as the Checkpoint UTM 600 device. With all of these, you're going to need to decide how much "security doo-dads" are worth to you. Some of these devices are UTM, in that they can scan traffic for viruses and other threats. While that's great, the downside is they all usually require a monthly/annual subscription ($$) and while they do provide some level of added protection, it's certainly not utopia. For a small business like yours, personally, I would avoid the ops costs of these things... just get a solid device that can do NAT/firewalling, wifi if you need it, and most importantly, supports IPsec and/or SSL VPN so that you can dump TV and remotely access your work network securely.


What is your thought on ZyXEL routers?
I'm not a big fan. I've never used one, but would favor any of the other brands listed in this post above.

I have this guy on the way
Tin - that certainly looks interesting. I have a TP-Link running Gargoyle right now, and while I'm happy with it, the wireless range could certainly be improved. I even purchased 3 higher gain antennas, but it didn't help much - lose wifi while in the detached garage. Would be nice if I could use those same antennas on this Mikrotik box. RouterOS looks interesting & feature packed - probably not for the newbie tho - lol.
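
The post above suggests forwarding the router's logs to another PC; what makes that archive useful after a stolen-credential incident like the one in this thread is reviewing VPN logins in it. The sketch below is an added example, not code from the thread: it assumes OpenVPN's standard server log messages, and the sample lines, usernames, known-IP list and threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of archived syslog lines (documentation IP ranges, not real logs).
SAMPLE = """\
Mar  3 01:58:41 gw openvpn(server)[1821]: 203.0.113.10:50122 [office1] Peer Connection Initiated with [AF_INET]203.0.113.10:50122
Mar  3 02:14:07 gw openvpn(server)[1821]: 198.51.100.23:40112 TLS Auth Error: Auth Username/Password verification failed for peer
Mar  3 02:14:09 gw openvpn(server)[1821]: 198.51.100.23:40113 TLS Auth Error: Auth Username/Password verification failed for peer
Mar  3 02:14:12 gw openvpn(server)[1821]: 198.51.100.23:40114 TLS Auth Error: Auth Username/Password verification failed for peer
Mar  3 02:14:30 gw openvpn(server)[1821]: 198.51.100.23:40115 [office1] Peer Connection Initiated with [AF_INET]198.51.100.23:40115
Mar  3 09:02:15 gw openvpn(server)[1821]: 192.0.2.77:33001 [office2] Peer Connection Initiated with [AF_INET]192.0.2.77:33001
"""

FAIL = re.compile(r"(?P<ip>\d+\.\d+\.\d+\.\d+):\d+ TLS Auth Error: "
                  r"Auth Username/Password verification failed")
OK = re.compile(r"\[(?P<user>[^\]]+)\] Peer Connection Initiated with "
                r"\[AF_INET\](?P<ip>\d+\.\d+\.\d+\.\d+):\d+")

def review(lines, known_ips, max_failures=3):
    """Return findings worth a human look, in the order they are detected."""
    failures = Counter()   # failed password attempts per source IP
    findings = []
    for line in lines:
        m = FAIL.search(line)
        if m:
            failures[m["ip"]] += 1
            continue
        m = OK.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if failures[ip] >= max_failures:
            # A login right after a run of failures suggests a guessed password.
            findings.append(("success_after_failures", user, ip))
        elif ip not in known_ips:
            # Valid credentials from an address nobody recognises.
            findings.append(("new_source", user, ip))
    for ip, count in failures.items():
        if count >= max_failures:
            findings.append(("repeated_failures", ip, count))
    return findings

if __name__ == "__main__":
    # Hypothetical allow list: the owner's home address.
    for finding in review(SAMPLE.splitlines(), known_ips={"203.0.113.10"}):
        print(finding)
```
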
 
I tried 9dBi antennas on my DLinks but the max transmission power is hardware limited. I saw very little difference between the factory 4dBi and 9dBi. I should have it tomorrow, so I'll report back my impressions sometime in the next few days.
 
The TZ210 is probably a little overkill, but when I say cheap, I was thinking like $50 LOL Otherwise, it sits around collecting dust.
 
Yea, it may be a good option then! Assuming he doesn't need wireless.


I should have it tomorrow, so I'll report back my impressions sometime in the next few days.
I just bought one myself 5 minutes ago - couldn't resist. $100 is pretty cheap if it'll do what I hope it does!
Thinking I will try out the RouterOS to begin with, but I want to do a little more research on past vulnerabilities, etc. The fact that it supports many features out of the box that you normally have to tweak OpenWRT/Gargoyle to get, plus the GUI appears to be a little more sophisticated than OpenWRT... makes me want to give it a shot.

I have a 24 port L3 gigabit switch for the home network, so this thing will just act as the Internet gateway + wifi duties. Hoping the wifi coverage improves vs what I have today. If not, I can set up the current TP-Link as a wireless repeater and put it in the garage. Win either way...
 
Same here. I have a 24 port managed Netgear, just needed it for the WiFi, gateway, and firewall, and DHCP. My setup now is a trio of DIR-825s running OpenWRT, one as a gateway and the others as repeater bridges.
 