Educause Security Discussion mailing list archives
Re: Checking for AV software on students' machines
From: jack suess <jack () UMBC EDU>
Date: Wed, 9 Jun 2004 14:34:06 -0400
We are also looking at this. Here are some options that I have discussed with my network group; we still haven't settled on a solution for fall.

1. We run our own AV DAT server for McAfee. We log each IP address that does a DAT file lookup. We have talked about taking those log files and building a database of systems that have done the DAT update. We require people to log in whenever they power up their machine and would query the database to verify that the machine has "updated their virus DAT" within a reasonable window.

2. We have talked about a second option of writing a small app in C/C++ that runs in startup and opens a port we can test and get back the AV information, similar to your ActiveX approach. Myself, I hate enabling ActiveX so I'm not as keen on that approach. We would implement this through the CD-ROM we are planning to have the students run to set up their resnet config.

3. We have talked about requiring students to enroll in the E-Policy server. We decided that may be too intrusive of students and have put that on hold for this upcoming fall. We will mandate through policy they have to run our virus software but not force them to be in the E-Policy. Our installer for McAfee points them at our server and sets up the config.

Finally, let me mention a couple of things and put in a plug:

1. U-Minnesota-Duluth and Brown University did a nice presentation on some interesting things they are doing with resnet at the security professionals workshop. http://www.educause.edu/asp/conf/function.asp?PRODUCT_CODE=SEC04/SESS06&MEETING=sec04

2. Chris Misra of UMass-Amherst is chairing an Internet2 security group on network authentication and management (netauth). http://security.internet2.edu/netauth/index.html

Here is my plug: I co-chair the security task force and have been working on the effective practices security guide that Eoghan Casey developed (www.educause.edu/security/guide). We are always looking for case studies to add to the guide! If you have done this please consider submitting a case study.

Finally, on a personal level, I'm trying to work with people from the Resnet and security communities to get a whitepaper developed looking at securing resnet. I'm interested in hearing any interesting ways people are securing resnet.

thanks

Jack Suess, CIO, UMBC

On Jun 9, 2004, at 12:01 PM, Mike Wiseman wrote:
I'd be interested to hear the details of your patch version checking system. Our group is in the process of combining NetReg (www.netreg.org) and Nessus for this purpose.

In regards to your quest to obtain more information from an unmanaged end station, I too am looking for this next step and have begun to look at adapting open-source software installer packages. The intention is for the end user to download/run this application which would gather pertinent data and send it to the admin host.

Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

Now that we have found a way to check students' machines for missing patches before they are allowed on the network, we are looking to expand to checking for the presence of updated anti-virus software. This requires access to the students' machines, so we are looking at using a web page with a .NET component to perform the check.

A few questions:

1) Is anyone else doing something like this currently?
2) How have you implemented this (web page w/ ActiveX/.Net, downloadable program...)?
3) What do you look for to determine if AV software is present (registry entries, services, running processes...)?
4) How successful has it been?
5) Pitfalls?

********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Jack Suess
UMBC Office of Information Technology
1000 Hilltop Circle, Baltimore, MD. 21250
410.455.2582, 410.455.1065 (fax)
http://umbc.edu/~jack
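
Option 1 in the message above (log DAT downloads by IP, then check at login that the machine updated within a window) could be prototyped as follows. This is an added example, not code from the original post or from UMBC; the log format (Apache common log), the `/avmirror/dat/` path, the file names and the 7-day window are all assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in Apache common log format; the /avmirror/dat/ path and
# file names are hypothetical, not the layout of any real DAT server.
SAMPLE_LOG = """\
10.20.1.15 - - [07/Jun/2004:08:12:03 -0400] "GET /avmirror/dat/sample-0002.zip HTTP/1.0" 200 4200000
10.20.1.15 - - [01/Jun/2004:08:10:00 -0400] "GET /avmirror/dat/sample-0001.zip HTTP/1.0" 200 4100000
10.20.3.77 - - [28/May/2004:22:40:10 -0400] "GET /avmirror/dat/sample-0001.zip HTTP/1.0" 200 4100000
10.20.9.4 - - [08/Jun/2004:09:00:00 -0400] "GET /avmirror/dat/sample-0002.zip HTTP/1.0" 404 210
10.20.9.4 - - [08/Jun/2004:09:00:05 -0400] "GET /index.html HTTP/1.0" 200 1024
this line is truncated garbage
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+)[^"]*" (\d{3}) ')

def last_dat_fetch(log_text, dat_prefix="/avmirror/dat/"):
    """Map each client IP to the time of its most recent successful DAT download."""
    last_seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-GET lines
        ip, stamp, path, status = m.groups()
        # Only a completed download (200) of a file under the DAT path counts;
        # a 404 or a fetch of some other page says nothing about the client's DATs.
        if status != "200" or not path.startswith(dat_prefix):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip not in last_seen or when > last_seen[ip]:
            last_seen[ip] = when
    return last_seen

def is_current(ip, last_seen, now, window=timedelta(days=7)):
    """Login-time check: has this IP pulled a DAT file within the window?"""
    when = last_seen.get(ip)
    return when is not None and now - when <= window

if __name__ == "__main__":
    now = datetime(2004, 6, 9, 14, 0, tzinfo=timezone(timedelta(hours=-4)))
    seen = last_dat_fetch(SAMPLE_LOG)
    for ip in ("10.20.1.15", "10.20.3.77", "10.20.9.4"):
        print(ip, "current" if is_current(ip, seen, now) else "needs update")
```

An IP address is only a stand-in for a machine: where addresses are handed out by DHCP, the download record should be joined to the lease or registration data in force at the time of the request, so that the login check is made against the registered machine rather than whoever currently holds the address.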