[SOLVED] Question regarding security

[DumbBlondGuy]

Hi

I have a work PC conncected using my home internet access as I work from home. I received an email from the IT department today informing me that there was a brute force attack made on my work PC - 20000 login attempts. They asked me to contact my ISP and inform them that someone might from the outside might have access through open ports - that they should look into their port forwarding settings. I did all of that, but currently my ISP is looking into it, and will call me within 24h.

My question is related to my private PC. I know it is not as secure as my work station. What should I do here? Should I assume my PC is compromised and a 3rd party has access to my data? Is there any way to check?

I do not have windows login set up - i'm the only user, and I assumed burglary is unlikely. Does this matter here? Should I install 3rd party firewall? If so any recomendations?

 

[DeauteratedDog]

How is your home PC connected to the Internet? Is there a router, or are you connected directly to a modem? If you have a router, you are protected from most external attacks.

Do run an anti-virus scan or two on your PC, downloading something bad can expose it to attacks.

 

[SamirD]

This is why connecting work pcs to home networks is a really, really bad idea. All a baddie has to do is gain any access to the network and they can start attacking the business computer.

What you really need are two isolated networks--one for work and one for home. You can easily do this if you have 2x more routers--simply plug one router in each for your home and work into a router which is plugged into your isp connection. It's double nat but it should work.

Because of the first router, no one should be able to access your network from the outside unless it is from inside out. The other two routers work the same way and also additionally prevent those two networks from talking to each other while they both still have Internet access.

You will have to assign different IP addresses for all 3x segments and I would recommend using all 3x of the private networks available, one on each router--192.168.x.x, 172.16.x.x, and 10.x.x.x. Technically this really shouldn't matter, but it definitely doesn't hurt.

And an easy way to find out if your home computer is the issue--disconnect it and shut it off for a week. If the IT dept doesn't see any more attacks, then it's your system for sure.

 

[DumbBlondGuy]

I do not have a router. My PC is connected by an ethernet cable with the modem and thats it. Since I only have one port, I switch the computers, so it's not my home PC as the two are never connected at the same time. I did antivirus scan with windows built in one and once by Malware Bytes and they didn't find anything.

My ISP did come back to me but preditcablty they did not find anything. This probably means I'm going back to the office (and changing ISP but my curent contract still has a few months in it).

However my work PC does not wory me that much, there are two IT teams (that I know off) who are working on that computers security. My worry was mostly for my home PC. "If the work PC is under attack, does that mean my home PC is under attack?"

I did some reading yesterday and as far as my limited understanding is I'm thinking no. I know our work computers are set up for remote access, which I belive is what is being attacked here. My home PC is not so I think I'm fine.

 

[USAFRet]

I do not have a router. My PC is connected by an ethernet cable with the modem and thats it.

That is specifically what a router prevents.

Your one system, being directly behind the modem, IS getting attacked. Allt he time.
A router simply throws those external requests out, and they never reach a PC.

So yes, your work PC is seeing a lot of access attempts.
When your home PC is connected, it is ALSO seeing all those attacks. The only difference is that you don't have an IT staff to tell you about it.

GET A ROUTER.

 

[SamirD]

That is specifically what a router prevents.

Your one system, being directly behind the modem, IS getting attacked. Allt he time.
A router simply throws those external requests out, and they never reach a PC.

So yes, your work PC is seeing a lot of access attempts.
When your home PC is connected, it is ALSO seeing all those attacks. The only difference is that you don't have an IT staff to tell you about it.

GET A ROUTER.

Yep, as the man said--you're definitely under attack. We have an enterprise grade router and here's some scary statistics to share with you: we see a packet from russia/china/europe/elsewhere attempting to reach behind our router EVERY 6 SECONDS 24X7.

I am able to program a blocklist based on attempted access, etc and I usually have at least 1000 banned IPs at any point in time. Without a router, your machine is probably already compromised and I would not connect it to the Internet again until you wipe it clean and start over. Otherwise, you might as well just funnel all your data to the baddies as they have a connection to that system for sure.