Educause Security Discussion mailing list archives
Re: Vulnerability Assessment Requirements
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Fri, 22 Jul 2005 12:10:04 -0400
Hi, For vulnerability assessment, we currently focus on Microsoft critical updates and service packs. With our system, network administrators decide when to require their users to run the test - if they fail, there is no grace period. We encourage a 'monthly check' policy roughly corresponding to Microsoft's Tuesday releases. We're working on adding antivirus status and elementary password audit checks. Mike Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto I am throwing this question out there to schools who have implemented a vulnerability assessment solution such as CCA, Impulse Point, or Campus Manager. (Note, I am not trying to start a debate on one versus the other.) We are working to get CCA ready for our students this fall and I was wondering what other schools have decided upon regarding the requirements they are imposing on their student's PCs. With CCA you can check for a lot of things: service packs, Microsoft updates, existence of anti-virus software, the age of antivirus definition, installed programs, a missing installed program, etc. I am curious to find out what requirements other schools have used? Do you allow a grace period or do you require that new updates and virus definitions are necessary as soon as they become available? Thanks in advance, Chris Brown Information Technology Services Network/Telecom Administrator Regis University, Denver CO
Current thread:
- Vulnerability Assessment Requirements Brown, Christopher (Jul 21)
- <Possible follow-ups>
- Re: Vulnerability Assessment Requirements George (Jul 21)
- Re: Vulnerability Assessment Requirements Michael Grinnell (Jul 21)
- Re: Vulnerability Assessment Requirements Hall, Rand (Jul 21)
- Re: Vulnerability Assessment Requirements George (Jul 21)
- Re: Vulnerability Assessment Requirements Mike Wiseman (Jul 22)
- Re: Vulnerability Assessment Requirements Franklin, Elliott (Jul 25)