Educause Security Discussion mailing list archives
Application inventory, Discovery, Blocking? Was RE: EnCase Enterprise experiences
From: James H Moore <jhmfa () RIT EDU>
Date: Tue, 13 Dec 2005 14:33:54 -0500
I was just looking at it because it offers the capabilities of discovery and blocking. If we find an executable on one (administrative) computer, usually the next question is "Is this running anywhere else?" And that is a long, less than reliable process. I am looking for streamlining. If something starts to spread that is not detected in anti-virus, then it can be blocked. This can take place, I believe, for legitimate programs as well (like commercial keystroke loggers), and other things that shouldn't be on our network, but that A/V vendors might be hesitant to detect.

So maybe a better question is what are people using for application inventory, discovery, blocking?

One other thing that is useful about the EnCase Enterprise has to do with grabbing a memory image. Something dropped a copy of Dameware, but did it successfully install, and is it running?

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio

________________________________
From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU]
Sent: Tuesday, December 13, 2005 2:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] EnCase Enterprise experiences

We do not use the enterprise version but do use the other version for our acceptable use investigations. We've found that it delivers what we ask of it.

Theresa Semmens, CISA
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison

________________________________
From: James H Moore [mailto:jhmfa () RIT EDU]
Sent: Tuesday, December 13, 2005 1:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] EnCase Enterprise experiences

Anyone using EnCase Enterprise in Higher Ed? What settings? What problems with fears of Big Brother? Are you getting the expected returns?

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio