Educause Security Discussion mailing list archives
Re: Checking for AV software on students' machines
From: Brian Kaye <bdk () UNB CA>
Date: Thu, 10 Jun 2004 16:10:16 -0300
We have been registering "most" computers centrally now since about 1996. All IP addresses are statically assigned to a MAC address. We implemented the system as we were converting from a building/department based subnet network to function based networks (staff, student, resnet, etc.) and converting to 100Mbps to the desktop.

Unregistered computers are dropped into a "default" VLAN. Their first access to a web page gets redirected to a registration page. They have to enter their university id and PIN. Then the AUP is displayed and we pick up their MAC address and assign an IP address on the network to which they are entitled. The magic behind the scenes configures all the switches involved. We ask them to reboot to get the new address assigned (not really necessary but it makes everyone comfortable). One advantage is that the machines are totally mobile and we do not have to get involved in office changes or any other sort of a change.

We have been talking about doing some scanning in this process but have not got around to it (staff changes have left us short of labour). As part of normal operations we do detect machines doing "bad things". These machines are manually dropped into the "bad boys and girls VLAN" which cannot go anywhere off campus. When sanitized the machine is put back into their normal network.

As for flack about requiring central registration of machines, we still have a couple of "reluctant" departments who think they are different, but for the most part it's been a great success. We get people on resnet in a matter of minutes instead of weeks. The same is true for other new machines. It also makes our conferencing folks real happy when they can easily have people in conferences use the network.

......Brian Kaye
......University of New Brunswick

On Thu, 10 Jun 2004, Steve Schuster wrote:
Date: Thu, 10 Jun 2004 10:50:03 -0400
From: Steve Schuster <sjs74 () CORNELL EDU>
Reply-To: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Checking for AV software on students' machines

This has been a great conversation and very timely from our perspective. We have performed regular security scans of ResNet and the Cornell server farm for a couple of years now as part of our normal practice. In addition, we regularly block network access for systems that are found to be exhibiting inappropriate behavior. We are currently in the process of expanding operations in the area of scanning:

1. We have just published policy to require all computers on our network to be centrally registered.
2. We will be scanning all student systems within 24 hours of network registration this fall. Those found vulnerable will have their network access suspended. We'll be checking for common things like no passwords on accounts, open fileshares, etc.
3. We are also expanding our scanning to include additional systems outside ResNet and the server farm.

We want to move to assessing for AV installation and acceptable patch level but that will come at a later time.

We are currently running into a backlash with respect to policy requiring the registration of all computer systems that are on our network. Can you help me gauge if there are other schools who also require this?

Thanks,
sjs

At 09:12 AM 6/10/2004, you wrote:

Thank you for this excellent report from UC Davis. Virginia Tech is making similar plans for network registration and scanning, and we appreciate everyone sharing their experiences.
Mary

--------------------------------------------
Mary Dunker
Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
(540) 231-9327
FAX: (540) 231-7413
dunker () vt edu

-----Original Message-----
From: Robert Ono [mailto:raono () UCDAVIS EDU]
Sent: Wednesday, June 09, 2004 4:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Checking for AV software on students' machines

Jeff,

We are in the process of expanding our vulnerability scan that takes place as part of our authentication to campus-wide web-based applications. See http://security.ucdavis.edu/vulnscanrpt.pdf for further information. Let me know if you have any questions.

Bob

Nathan-

I unfortunately don't have an answer to your questions regarding verification of AV software on client machines, but I was wondering if you could provide some details on how you accomplished your first goal - verifying for patches before a student machine is allowed on the network.

We are currently investigating ways to drop student machines into a "quarantine" VLAN if they are not up to the latest Windows patches, but so far have not found an effective way to do that check. Does your solution require some kind of pre-installed client agent? I didn't see anything in a previous thread, but if you've already answered that question my apologies.

Any insight, advice, horror stories you could provide would be greatly appreciated.

Thanks,

Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University

Nathan Hall wrote:

Now that we have found a way to check students' machines for missing patches before they are allowed on the network, we are looking to expand to checking for the presence of updated anti-virus software. This requires access to the students' machines, so we are looking at using a web page with a .NET component to perform the check.

A few questions:

1) Is anyone else doing something like this currently?
2) How have you implemented this (web page w/ ActiveX/.Net, downloadable program...)?
3) What do you look for to determine if AV software is present (registry entries, services, running processes...)?
4) How successful has it been?
5) Pitfalls?

Any other input would be appreciated too. Thanks in advance.

Nathan Hall
System Administrator
SUNY Oneonta
Oneonta, NY 13820
(607) 436-2708

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.

Robert Ono, CISSP
IT Security Coordinator
Office of the Vice Provost, Information and Educational Technology
UC Davis
530.757.5795 Desk

--------------------------------------------
Steve Schuster
IT Security Office
Cornell University
Work -- (607)255-8825
Cell -- (607)351-1386
--------------------------------------------
Current thread:
- Re: Checking for AV software on students' machines, (continued)
- Re: Checking for AV software on students' machines Nathan Hall (Jun 10)
- Re: Checking for AV software on students' machines Dunker, Mary (Jun 10)
- Re: Checking for AV software on students' machines Gibbs, Aaron M. (Jun 10)
- Re: Checking for AV software on students' machines Shawn Kohrman (Jun 10)
- Re: Checking for AV software on students' machines Ariel Silverstone (Jun 10)
- Re: Checking for AV software on students' machines Brian Eckman (Jun 10)
- Re: Checking for AV software on students' machines Jason S. Cash (Jun 10)
- Re: Checking for AV software on students' machines Steve Schuster (Jun 10)
- Re: Checking for AV software on students' machines Cal Frye (Jun 10)
- Re: Checking for AV software on students' machines Jason S. Cash (Jun 10)
- Re: Checking for AV software on students' machines Brian Kaye (Jun 10)