by
Etienne Liebetrau
In large companies with bigger deployments it is easy for machines to fall through the cracks especially in remote offices. Perhaps there is a neglected PC stashed in a store room, or a server locked in a cash office. Losing track of hardware is one thing but more often than not, these machines are still on and still connected to your network making calls to the Internet. These old machines are probably running Windows XP or Server 2003. Synonymous with these two operating systems is the infamous Internet Explorer 6 (IE6).
IE 6 is old, really old. It was first released in August 2001. To give you an idea of just how old that is consider the system requirements for IE6 are:
IE6 with no service packs or security updates is a big security concern. So much so that Microsoft strongly encourages people to stop using it. They have even set up a dedicated site for keeping track of the decline of IE6 usage on the Internet. https://www.ie6countdown.com/
These old and discarded machines I refer to are often not actively used by anyone. They are silently ticking away in the background running a system such as digital signage, air conditioning and refrigeration monitoring etc. It is exactly for this reason that we don’t simply want to block access to these machines, but to identify, track them down and fix them.
I recently discovered a few of these machines with the help of Fastvue TMG Reporter. Using TMG Reporter's Alerts, I now get notified as soon as one of these machines makes a connection.
The procedure here uses the latest development build of TMG Reporter so the interface may look a little different. To update to the latest dev version go to https://www.fastvue.co/dev
You can add additional fields if you wish to get more details about the activity on these machines, such as the authenticated username, but this should do the trick. Having the full User Agent can help identify more information about the source machine such as the operating system. It also allows you to spot any false positives from other applications using a similar User Agent string. For more information about User Agents strings, see Everything you need to know about User Agents.
By specifying an email address, TMG Reporter will email the relevant people all the details without them needing to view the Alert in TMG Reporter.
The alerts can be viewed on TMG Reporter's Alerts tab. The list of alerts appear on the left, and when you select an alert, its details are shown in the alert evidence table to the right. The alert in the screenshot below shows a Windows Server 2003 machine accessing some Yahoo sites.
The email alert contains the same information and looks like this:
Getting rid of IE6 is important, and as an IT professional it is probably your responsibility. After configuring the alert, TMG Reporter will do all the hard work for you. That's all there is to it. Sit back, relax and wait for the zombies to come out and play!
Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.
Testing and Monitoring Forefront TMG Malware Inspection and Intrusion Prevention (NIS) Systems
Make The World A Better Place with Fastvue and Microsoft Reputation Services (MRS)