Educause Security Discussion mailing list archives
Re: Vulnerability Mitigation
From: Gary Golomb <coach () GWU EDU>
Date: Mon, 14 Nov 2005 12:06:37 -0500
I can't believe I'm getting ready to make a vendor endorsement, but... Here goes... :)

We've been using CCA this year also. From a security perspective, we've been quite happy with it. Take note: This does not "stop" or even [strictly speaking] "protect" hosts from being compromised. It does help reduce the number of infections by ensuring no one is getting on the network unpatched. You'll still have worms, bots, and other things due to the number of other avenues that can be exploited, however, the number will be *exponentially* smaller than without it.

That being said, there's another bonus to CCA - when you detect a compromised system, you just put them in the quarantine role in CCA, and they don't get network access anymore. On top of that, a day later, they bring their computer to you to be fixed, as opposed to having to play games trying to track down roving users. That alone makes it worth it if you ask me. Our reaction time for getting compromised systems off the network has been *substantially* decreased with CCA.

While I'm acting as a walking billboard - check out Mirage Networks also. (http://www.miragenetworks.com/) We've done successful testing with them in the past, and they have a new release coming out that has perked some eyebrows here...

-gary

------
Gary Golomb
Computer Forensics Engineer
ISS/Network Systems Security
Academic Center
801 22nd St NW Rm B204A
Washington, DC 20052
coach () gwu edu
------
A man's respect for law and order exists in precise relationship to the size of his paycheck.
--Adam Clayton Powell

Scholz, Greg wrote:
We have recently deployed Cisco Clean Access (CCA) for dorms. For the most part we are very happy with it. It has had some growing pains but it really seems Cisco is taking the product seriously as a solution and NOT joining it at the waist to their other products (although like any other product there could be benefits if your infrastructure devices are same vendor).

As for the enterprise, I would still recommend looking into the current and future of CCA. It either does or may do soon:

1. Windows pass through authentication
2. real time system compliance checking (not just at logon)
3. ability to check systems of remote users such as over a VPN
4. Better reporting to know "what is going on" not just "what has happened"

_________________________
Thank you,
Gregory R. Scholz
Lead Network Engineer
Information Technology Group
Keene State College
(603)358-2070

-----Original Message-----
From: Brenda B Gombosky [mailto:brenda.gombosky () LOUISVILLE EDU]
Sent: Monday, November 14, 2005 9:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Mitigation

What are most of you using for vulnerability mitigation for operating system patches and virus protection? We are looking at CISCO's Clean Access possibly for the dorms but haven't found anything at the enterprise level.

Brenda B. Gombosky
Director, Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037