Educause Security Discussion mailing list archives
Re: Application inventory, Discovery, Blocking? Was RE: EnCase Enterprise experiences
From: Chad McDonald <chad.mcdonald () GCSU EDU>
Date: Tue, 13 Dec 2005 14:47:25 -0500
So maybe a better question is what are people using for application inventory, discovery, blocking?

We have been using Altiris to this end for a few years now. We are very pleased with our installation.

Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
Office 478.445.4473
Cell 478.454.8250

_____

From: James H Moore [mailto:jhmfa () RIT EDU]
Sent: Tuesday, December 13, 2005 2:34 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Application inventory, Discovery, Blocking? Was RE: [SECURITY] EnCase Enterprise experiences

I was just looking at it, because, it offers the capabilities of discovery and blocking. If we find an executable on one (administrative) computer, usually the next question is "Is this running anywhere else?" And that is a long, less than reliable process. I am looking for streamlining.

If something starts to spread that is not detected in anti-virus, then it can be blocked. This can take place, I believe for legitimate programs as well (like commercial keystroke loggers), and other things that shouldn't be on our network, but that A/V vendors might be hesitant to detect.

So maybe a better question is what are people using for application inventory, discovery, blocking?

One other thing that is useful about the EnCase Enterprise, has to do with grabbing a memory image. Something dropped a copy of Dameware, but did it successfully install, and is it running?

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio

_____

From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU]
Sent: Tuesday, December 13, 2005 2:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] EnCase Enterprise experiences

We do not use the enterprise version but do use the other version for our acceptable use investigations. We've found that it delivers what we ask of it.

Theresa Semmens, CISA
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison

_____

From: James H Moore [mailto:jhmfa () RIT EDU]
Sent: Tuesday, December 13, 2005 1:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] EnCase Enterprise experiences

Anyone using EnCase Enterprise in Higher Ed? What settings? What problems with fears of Big Brother? Are you getting the expected returns?

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio