Problem In this day and age of worms that proliferate in minutes, you want to keep machines you're installing free of worms and viruses during the actual setup process itself. Solution Here are some tips on avoiding a pre-installation worm infestation:
Perform your installation behind a firewall. -
Even if you purchase a cheap home/small office-style firewall and router device, that should help deflect the fiercest of worms from your vulnerable machines.
Disconnect the computer from the network and join a domain after install. -
If you aren't making use of RIS and have regular CD media, consider simply removing the network cable from the computer during the installation. There's really no effective difference in joining a domain during the installation or joining it after you've had a chance to boot the system and install protective software.
Use a private RIS server placed behind your firewall. -
If you have a spare license of Windows 2000 Server or Windows Server 2003, you can install a RIS machine behind a firewall but disconnected from the Internet, and you can commence network installations on that private network, safely guarded from the perils of the open Internet connection.
Use a CD with a slipstreamed service pack. -
If you must install with an active network connection, at least use the most updated copy of the installation materials you can. This will at a minimum prevent historic worms from infecting during installation, but it's a less desirable choice because new threats may exist that can penetrate the machine during the setup process.
Use a separate VLAN on your network to quarantine machines being installed. -
If you have rather sophisticated switches and network management gear, you can filter traffic to and from a certain VLAN and effect a poor man's quarantine, so if you set up machines within that VLAN, you've added another layer of protection. Of course, you'll want to install antispyware and virus protection as soon as possible. Discussion If at all possible, the best solution is to use a firewall, however inexpensive, for installations where a network connection is required. Of course, you can absolutely protect against Internet-borne viruses by installing Windows XP with no connection to the network. See Also Recipe 2.15 for slipstreaming a service pack into new installation media |
