Educause Security Discussion mailing list archives

Re: Vulnerability Mitigation


From: Gary Golomb <coach () GWU EDU>
Date: Mon, 14 Nov 2005 12:06:37 -0500

I can't believe I'm getting ready to make a vendor endorsement, but...
Here goes... :)

We've been using CCA this year also. From a security perspective, we've
been quite happy with it.

Take note: This does not "stop" or even [strictly speaking] "protect"
hosts from being compromised. It does help reduce the number of
infections by ensuring no one is getting on the network unpatched.
You'll still have worms, bots, and other things due to the number of
other avenues that can be exploited; however, the number will be
*exponentially* smaller than without it.

That being said, there's another bonus to CCA - when you detect a
compromised system, you just put them in the quarantine role in CCA, and
they don't get network access anymore. On top of that, a day later, they
bring their computer to you to be fixed, as opposed to having to play
games trying to track down roving users. That alone makes it worth it if
you ask me. Our reaction time for getting compromised systems off the
network has been *substantially* decreased with CCA.

While I'm acting as a walking billboard - check out Mirage Networks
also. (http://www.miragenetworks.com/) We've done successful testing
with them in the past, and they have a new release coming out that has
perked some eyebrows here...

-gary

------
Gary Golomb
Computer Forensics Engineer
ISS/Network Systems Security
Academic Center
801 22nd St NW Rm B204A
Washington, DC 20052
coach () gwu edu

------
A man's respect for law and order exists
in precise relationship to the size of
his paycheck.

--Adam Clayton Powell


Scholz, Greg wrote:
We have recently deployed Cisco Clean Access (CCA) for dorms.  For the
most part we are very happy with it.  It has had some growing pains but it
really seems Cisco is taking the product seriously as a solution and NOT
joining it at the waist to their other products (although like any other
product there could be benefits if your infrastructure devices are same
vendor).

As for the enterprise, I would still recommend looking into the current
and future of CCA.  It either does or may do soon:
1. Windows pass through authentication
2. real time system compliance checking (not just at logon)
3. ability to check systems of remote users such as over a VPN
4. Better reporting to know "what is going on" not just "what has
happened"


_________________________
Thank you,
Gregory R. Scholz
Lead Network Engineer
Information Technology Group
Keene State College
(603)358-2070

-----Original Message-----
From: Brenda B Gombosky [mailto:brenda.gombosky () LOUISVILLE EDU]
Sent: Monday, November 14, 2005 9:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Mitigation

What are most of you using for vulnerability mitigation for operating
system patches and virus protection?  We are looking at CISCO's Clean
Access possibly for the dorms but haven't found anything at the
enterprise level.

Brenda B. Gombosky
Director, Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037

