Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Checking for AV software on students' machines

From: Bill Frazier <frazier () IASTATE EDU>
Date: Thu, 10 Jun 2004 07:50:37 CDT
I agree.  To amplify on what I said about our effort, we are
preparing an application which will run on the client system
to do tests.  A firewall may protect against intrusion, but it
says nothing about pre-existing state.  A well patched and AV
current system is less likely to be carrying infection.

Bill

__________________________________________________________________
On Wed, 09 Jun 2004 16:55:46 EDT, Stephen Bernard wrote:

Brian Eckman wrote:

<snip>


Yes, the Windows firewall (ICF) will block these types of scans. But
that is a good thing. We are implementing a NetReg-based solution, and
would be ecstatic if all of the dorm computers would pass the scan
because they have their firewall on. I would call that "mission
accomplished".

Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.




It sounds like what is being said is, "as long as the external symptoms
of a problem are hidden it isn't a problem". This is exactly why some
network security practitioners take the tact that firewalls are a bad
thing because they make system administrators complacent and leave end
users naively vulnerable.

The MS firewall surely won't prevent an end user from downloading a
trojaned music file which then posts their keystrokes, personal
information, or business files to an IRC channel. It doesn't provide
application protections. There isn't any mechanism for disallowing the
disabling of the firewall, especially when the average user logs in with
Administrator privileges. It's very probable that malware exists or will
come out that actually utilizes the personal firewall. The malware could
re-configure the firewall so that it continues to block internal
addresses from scanning it but allowing specific, encrypted (IPSEC)
connections.


Steve

**********
Participation and subscription information for this EDUCAUSE Discussion
Group d
iscussion list can be found at http://www.educause.edu/cg/.




__________________________________________________________________
Bill Frazier                                 frazier () iastate edu
Assistant Director/Software Support          voice: (515) 294-8620
Iowa State University                        fax:   (515) 294-1717
Academic Information Technologies, 291 Durham, Ames, Iowa 50011

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: