Educause Security Discussion mailing list archives
Re: Pre-Scan or Scan-After
From: Chad McDonald <chad.mcdonald () GCSU EDU>
Date: Wed, 14 Sep 2005 07:21:07 -0400
We do both, sort of...

We have recently implemented the Impulse Point solution and, after some installation issues were resolved, have been pleased with its performance and price. Currently we have this in production on our main campus wireless network and have it set to prevent access if policies are not met. We scan for Windows patches, anti-virus definitions, and status of anti-virus software. We have the ability to also scan for spyware and redirect peer-to-peer file sharing attempts to music download retailers.

We will most likely take a different approach on our residential network, where we will scan wired and wireless connections. Here we plan to offer "warnings" to the user that access will be terminated in n hours if the client is not patched, updated, etc. We plan to offer access to select on-campus services or addresses regardless of patch status so that we can't be accused of impeding academic progress of our students. We don't offer the "walled garden" approach on campus because the students have broad access to hundreds of lab or classroom computers that are patched.

As for pre or post scanning, our implementation is better described as "live" scanning. Clients are scanned in both states, before AND after connection. If, for instance, the anti-virus software is turned off after the pre-connection scan, network access will be terminated in short order until the software is turned back on. While this isn't actually real-time, it's pretty darn quick.

Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
Office 478.445.4473
Cell 478.454.8250

_____

From: Tom Neiss [mailto:TNeiss () UAMAIL ALBANY EDU]
Sent: Tuesday, September 13, 2005 2:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Pre-Scan or Scan-After

We are in the process of deciding on scanning for vulnerabilities after connection (having gone through the necessary authorization and authentication) to the network, as opposed to pre-scanning for them.

We are seeking best practices of those that have chosen this route. In addition, we would like those that chose to pre-scan to share with us why you made that decision. We would appreciate your sharing with us....

If you have chosen to scan-after, can you give me a URL to your process? Can you share any insight into your arriving at that decision?

If you chose to pre-scan, what were your deciding factors?

thanks,
tn

Thomas R. Neiss
Director of Telecommunications
University at Albany
State University of New York
1400 Washington Avenue MSC 209
Albany, NY 12222
tneiss () uamail albany edu
(518) 437-3803
(518) 437-3810 (FAX)