Re: Checking for AV software on students machines

[Brian Kaye <bdk () UNB CA>]

For individual visitors the sponsor registers the machine(s). The sponsor
can set an expiray date.

For conferences we have a "module" in the registarion system that handles
this problem. A conference convenor signs on to the conference system and
creates a conference. The system generates special one time keys that the
convenor hands out to conference attendees. When a conference trys to use
the network they get redirects to the registration page. They selects
conference on the page and then enter the conference key to get
registered. The conference registrations all expire automatically when the
conference is over. The same is true for resnet. When the academic year
is over the resnet registrations expire. The granularity is 1 day.

One thing I negelected to mention in my earlier message is that the AUP is
displayed as part of the process and later emailed to them so they have
two chances to read (ignore it).

As for embedded systems like printers our system has an administrative
interface that allows for manual registration of printers, lab machines,
servers and other non-personal things.

The "acting" Director of ITs is putting less emphasis on security so I
doubt we will get the resources to "scan" in the near future.

......Brian Kaye
......University of New Brunswick


On Thu, 10 Jun 2004, Mark Poepping wrote:

> Date: Thu, 10 Jun 2004 15:25:51 -0400
> From: Mark Poepping <poepping () CMU EDU>
> Reply-To: The EDUCAUSE Security Discussion Group Listserv
>     <SECURITY () LISTSERV EDUCAUSE EDU>
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Checking for AV software on students machines
>
>
>
> And if people are going to answer that question, I'd add the issues of:
>
>  . short-term visitors, especially day-long or week-long classes, trustees, or
> visiting researchers - does everybody have to run your software?
>
>  . what about non-windows boxes?
>
>  . what about embedded systems (e.g. IP phones, robots, security devices)..
>
>
>
> And for Brian Kaye talking about unb.ca..  "The conferencing people are
> happy"..  Do you create a UID/PIN for each conference and expire the
> registrations (and UID/PIN) when the conference is over?
>
> Thanks.
>
> Mark.
>
>
>
>
>
>   _____
>
> From: The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Craig Blaha
> Sent: Thursday, June 10, 2004 3:02 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Checking for AV software on students machines
>
>
>
> The College of New Jersey briefly discussed expanding our EPO license to cover
> students and requiring an agent on student owned machines. We decided against
> it because of the support issues it could raise. I'm interested in how other
> people are dealing with the issue of mandatory anti-virus, patches, agents,
> etc. creating issues (either real or imagined) with a student machine. Do you
> charge for service, require students to sign a waiver, etc?
>
> Thanks,
> Craig Blaha
>
> Antivirus Administrator wrote:
>
>
>
> Hi all.
>
> I was informed of this recent discussion and joined this list to provide
> you with information about how we are doing things here at The
> University of Tennessee.
>
> Here is an overview of registration process.
>
> 1. We now truly have a private network. Students are required to
> register each semester. The computers only able to access our security,
> antivirus, DHCP, and DNS servers. There is currently discussion of
> forced re-registration for all computers, possibly more frequently.
>
> 2. When a Windows XP/2000 box attempts to register, the user is
> forwarded to a page to download an executable which is our "registration
> security tool".
>
> 3. This tool performs a series of checks on the registering system. It
> then applies service packs, hot fixes, McAfee AV & EPO, autoupdate
> repair and configuration, local security policies, and anything else we
> want the tool to do to the system.
> The software is only installed if needed (based on initial checks) to
> reduce registration time for properly configured systems.
> The tool is web based for efficiency and will only download the software
> that is required.
>
> 4. ***KICKER*** Only after it has been successfully executed does this
> tool update an internal database with all hardware (MAC) addresses that
> exist on the machine attempting to register.
>
> 5. The tool then guides the user through the registration process.
>
>
> If a Windows 2000/XP system attempts to register and is not found in the
> internal database, the system is always redirected to the security tool
> download page.
>
>
> On another note...
>
> For those of you using the EPO software, the system compliance profiler
> is a very useful tool to check for patches and any other registry
> settings or file versions. It is my hope to fully implement this with
> the new version of the EPO due to be released this year (currently in
> beta).
>
>
> Hope this is the info everyone needed.
>
> --
> I. W. Woodle (Wes)
> OIT Customer Technology Support
> LaDS/FRP/Antivirus Administration
> University of Tennessee, Knoxville
> (865)974.9600 iwoodle () utk edu
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group
> discussion list can be found at http://www.educause.edu/cg/.
>
>
>
> --
>
> Craig Blaha
> Associate Director
> Information Policy, Security and Web Development
> The College of New Jersey
> PO Box 7718
> Ewing, NJ 08628
> www.tcnj.edu
>
> --------------------------------------------------------------
> Reminder: E-mail sent through the Internet is not secure.
> Do not use e-mail to send confidential information
> such as credit card numbers, changes of address, PIN
> numbers, passwords, or other important information.
> Your e-mail message is not private in
> that it is subject to review by the College, its officers,
> agents and employees.
> --------------------------------------------------------------
>
> ********** Participation and subscription information for this EDUCAUSE
> Discussion Group discussion list can be found at http://www.educause.edu/cg/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.