Educause Security Discussion mailing list archives

Re: Checking for AV software on students' machines


From: jack suess <jack () UMBC EDU>
Date: Wed, 9 Jun 2004 14:34:06 -0400

We are also looking at this. Here are some options that I have
discussed with my network group; we still haven't settled on a solution
for fall.

1. We run our own AV DAT server for McAfee. We log each IP address that
does a DAT file lookup. We have talked about taking those log files and
building a database of systems that have done the DAT update. We
require people to log in whenever they power up their machine and would
query the database to verify that the machine has "updated their virus
dat" within a reasonable window.

2. We have talked about a second option of writing a small app in C/C++
that runs in startup and opens a port we can test and get back the AV
information, similar to your ActiveX approach. Myself, I hate enabling
ActiveX so I'm not as keen on that approach. We would implement this
through the CD-ROM we are planning to have the students run to set up
their resnet config.

3. We have talked about requiring students to enroll in the E-Policy
server. We decided that may be too intrusive of students and have put
that on hold for this upcoming fall. We will mandate through policy
they have to run our virus software but not force them to be in the
E-Policy. Our installer for McAfee points them at our server and sets
up the config.

Finally, let me mention a couple of things and put in a plug:

1. U-Minnesota-Duluth and Brown University did a nice presentation on
some interesting things they are doing with resnet at the security
professionals workshop.
http://www.educause.edu/asp/conf/function.asp?PRODUCT_CODE=SEC04/SESS06&MEETING=sec04

2. Chris Misra of UMass-Amherst is chairing an Internet2 security
group on network authentication and management (netauth).
http://security.internet2.edu/netauth/index.html

Here is my plug: I co-chair the security task force and have been
working on the effective practices security guide that Eoghan Casey
developed (www.educause.edu/security/guide). We are always looking for
case studies to add to the guide! If you have done this please consider
submitting a case study.

Finally, on a personal level, I'm trying to work with people from the
Resnet and security communities to get a whitepaper developed looking
at securing resnet. I'm interested in hearing any interesting ways
people are securing resnet.

thanks

Jack Suess, CIO, UMBC



On Jun 9, 2004, at 12:01 PM, Mike Wiseman wrote:

I'd be interested to hear the details of your patch version checking
system. Our group is in the process of combining NetReg
(www.netreg.org) and Nessus for this purpose. In regards to your quest
to obtain more information from an unmanaged end station, I too am
looking for this next step and have begun to look at adapting
open-source software installer packages. The intention is for the end
user to download/run this application which would gather pertinent
data and send it to the admin host.

Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

Now that we have found a way to check students' machines for missing
patches before they are allowed on the network, we are looking to
expand to checking for the presence of updated anti-virus software.
This requires access to the students' machines, so we are looking at
using a web page with a .NET component to perform the check. A few
questions:

1) Is anyone else doing something like this currently?
2) How have you implemented this (web page w/ ActiveX/.Net,
downloadable program...)?
3) What do you look for to determine if AV software is present
(registry entries, services, running processes...)?
4) How successful has it been?
5) Pitfalls?


**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

Jack Suess                   UMBC Office of Information Technology
410.455.2582               1000 Hilltop Circle
410.455.1065(fax)        Baltimore, MD. 21250
 http://umbc.edu/~jack
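
Option 1 in the first message above (turning DAT-server logs into a per-address freshness check at login), sketched as an added example that is not part of the thread or anyone's production code. The Apache-style log format, the `/dat/` path, the sample lines and the 7-day window are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (Apache common log format); the /dat/ path and
# file name are assumptions, not taken from the thread.
SAMPLE_LOG = """\
10.20.1.15 - - [01/Sep/2004:08:12:44 -0400] "GET /dat/update.ini HTTP/1.0" 200 512
10.20.1.15 - - [07/Sep/2004:09:01:10 -0400] "GET /dat/update.ini HTTP/1.0" 200 512
10.20.3.77 - - [20/Aug/2004:22:40:02 -0400] "GET /dat/update.ini HTTP/1.0" 200 512
10.20.4.9 - - [07/Sep/2004:10:00:00 -0400] "GET /dat/update.ini HTTP/1.0" 404 0
10.20.5.5 - - [07/Sep/2004:10:05:00 -0400] "GET /index.html HTTP/1.0" 200 900
garbage line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def last_dat_fetch(log_text, prefix="/dat/"):
    """Map each client IP to its most recent successful DAT fetch."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue                      # unparseable or not a DAT request
        if m["status"] not in ("200", "304"):
            continue                      # a failed fetch is not an update
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["ip"] not in seen or ts > seen[m["ip"]]:
            seen[m["ip"]] = ts
    return seen

def check_at_login(seen, ip, now, window=timedelta(days=7)):
    """Return 'current', 'stale' or 'unknown' for the address logging in."""
    ts = seen.get(ip)
    if ts is None:
        return "unknown"                  # never seen fetching a DAT file
    return "current" if now - ts <= window else "stale"
```

If addresses are handed out dynamically, the IP in the log has to be mapped to the registered machine using the lease that was active at the time of the fetch, otherwise one machine's update can vouch for another.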
