Educause Security Discussion mailing list archives
Re: Checking for AV software on students machines
From: Mark Poepping <poepping () CMU EDU>
Date: Thu, 10 Jun 2004 15:25:51 -0400
And if people are going to answer that question, I'd add the issues of: . short-term visitors, especially day-long or week-long classes, trustees, or visiting researchers - does everybody have to run your software? . what about non-windows boxes? . what about embedded systems (e.g. IP phones, robots, security devices).. And for Brian Kaye talking about unb.ca.. "The conferencing people are happy".. Do you create a UID/PIN for each conference and expire the registrations (and UID/PIN) when the conference is over? Thanks. Mark. _____ From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Craig Blaha Sent: Thursday, June 10, 2004 3:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Checking for AV software on students machines The College of New Jersey briefly discussed expanding our EPO license to cover students and requiring an agent on student owned machines. We decided against it because of the support issues it could raise. I'm interested in how other people are dealing with the issue of mandatory anti-virus, patches, agents, etc. creating issues (either real or imagined) with a student machine. Do you charge for service, require students to sign a waiver, etc? Thanks, Craig Blaha Antivirus Administrator wrote: Hi all. I was informed of this recent discussion and joined this list to provide you with information about how we are doing things here at The University of Tennessee. Here is an overview of registration process. 1. We now truly have a private network. Students are required to register each semester. The computers only able to access our security, antivirus, DHCP, and DNS servers. There is currently discussion of forced re-registration for all computers, possibly more frequently. 2. When a Windows XP/2000 box attempts to register, the user is forwarded to a page to download an executable which is our "registration security tool". 3. This tool performs a series of checks on the registering system. It then applies service packs, hot fixes, McAfee AV & EPO, autoupdate repair and configuration, local security policies, and anything else we want the tool to do to the system. The software is only installed if needed (based on initial checks) to reduce registration time for properly configured systems. The tool is web based for efficiency and will only download the software that is required. 4. ***KICKER*** Only after it has been successfully executed does this tool update an internal database with all hardware (MAC) addresses that exist on the machine attempting to register. 5. The tool then guides the user through the registration process. If a Windows 2000/XP system attempts to register and is not found in the internal database, the system is always redirected to the security tool download page. On another note... For those of you using the EPO software, the system compliance profiler is a very useful tool to check for patches and any other registry settings or file versions. It is my hope to fully implement this with the new version of the EPO due to be released this year (currently in beta). Hope this is the info everyone needed. -- I. W. Woodle (Wes) OIT Customer Technology Support LaDS/FRP/Antivirus Administration University of Tennessee, Knoxville (865)974.9600 iwoodle () utk edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. -- Craig Blaha Associate Director Information Policy, Security and Web Development The College of New Jersey PO Box 7718 Ewing, NJ 08628 www.tcnj.edu -------------------------------------------------------------- Reminder: E-mail sent through the Internet is not secure. Do not use e-mail to send confidential information such as credit card numbers, changes of address, PIN numbers, passwords, or other important information. Your e-mail message is not private in that it is subject to review by the College, its officers, agents and employees. -------------------------------------------------------------- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Checking for AV software on students machines Antivirus Administrator (Jun 10)
- <Possible follow-ups>
- Re: Checking for AV software on students machines Craig Blaha (Jun 10)
- Re: Checking for AV software on students machines Mark Poepping (Jun 10)
- Re: Checking for AV software on students machines Brian Kaye (Jun 10)
- Re: Checking for AV software on students machines Antivirus Administrator (Jun 10)