Re: Endpoint Security/Policy Enforcement Products

[George Russ <george.russ () CITADEL EDU>]

I have looked into Perfigo(cisco), Bradford Campus Manager and am now
testing StillSecure's "SafeAccess".  I like the product and their staff.
They are very responsive and I feel they are developing a very nice product.

On the subject of compromised computers modifying the testing agent to
exhibit false indications to the testing server:
There are no reports of this occurring although it is possible. I feel that
given the hackers return on investment over development of this Trojan, his
time would be better spent in his present successful ventures.

The agents I have worked with only have one purpose and that is to allow the
master server access to the PC they do not report or send back any
information so for this product and most others the agent could not be
compromised to send improper results.  The master server looks in the
registry for exact keys identifying products which it has listed as allowed
or not-allowed.  It also looks at running services to detect proper software
is running some can even look for file names and folders.

There is no magic application for ensuring a device is 100% safe to allow on
the network.  But at this point I would settle for having 50% of them "safe"
with current patches.  Applications to ensure all computers are authorized
and to a certain extent "clean" before they are connected to the network
will become common place in the near future. I know most colleges are headed
this way in some form or another.

Good day all.

---------------------------------------------------------------
George Russ                       ITS/Network Support Services
The Citadel                       Charleston SC 29409
---------------------------------------------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.