Educause Security Discussion mailing list archives
Re: Checking for AV software on students' machines
From: Brian Eckman <eckman () UMN EDU>
Date: Thu, 10 Jun 2004 08:35:14 -0500
Bill Frazier wrote:
I agree. To amplify on what I said about our effort, we are preparing an application which will run on the client system to do tests. A firewall may protect against intrusion, but it says nothing about pre-existing state. A well patched and AV current system is less likely to be carrying infection.

Bill
I've mentioned a couple of things regarding this offlist to a few people, and decided perhaps it's just time to mention it on the list. Someone else is addressing this idea of looking for pre-infected computers by checking for traffic originating from the scanned box going to destinations other than the scanner, DHCP and DNS servers. I'm not sure exactly how they made it work, but it seems smart to me.

One approach is to make the scanning machine also be the router for that jailed environment, and have it looking for this kind of traffic. The approach we are hoping to take is to have some form of IDS running on the firewall that routes packets to/from our dorms, so even if the machine passes the test, if it sets off IDS alarms, it can be taken back offline promptly.

Just like another poster mentioned, perhaps others have different goals than us. We're also mostly looking to slow the spread of worms to/from these basically unmanaged computers. For the most part, a firewall does that. The machines can still spread E-mail worms and such, and we have methods of rapidly detecting that and dealing with it. At least the backdoor ports these worms open up will not be accessible on the firewalled computers.

Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
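The check described in the message above (flagging a jailed host that originates traffic to anything other than the scanner, DHCP or DNS), as an added example that is not part of the original post. The addresses, the flow-record format and the function names are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing for the jailed (quarantine) network; all values are constructed.
JAIL_NET = ipaddress.ip_network("10.99.0.0/24")
SCANNER = ipaddress.ip_address("10.99.0.1")
# (destination, protocol, port) tuples a clean host legitimately needs.
ALLOWED_SERVICES = {
    (ipaddress.ip_address("10.99.0.2"), "udp", 67),        # DHCP server
    (ipaddress.ip_address("255.255.255.255"), "udp", 67),  # DHCP broadcast
    (ipaddress.ip_address("10.99.0.3"), "udp", 53),        # DNS server
}

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.99.0.23 255.255.255.255 udp 67
10.99.0.23 10.99.0.3 udp 53
10.99.0.23 10.99.0.1 tcp 80
10.99.0.41 10.99.0.3 udp 53
10.99.0.41 192.0.2.77 tcp 135
10.99.0.41 10.99.0.23 tcp 445
10.99.0.41 10.99.0.3 tcp 25
10.99.0.1 10.99.0.41 tcp 139
"""

def parse_flow(line):
    src, dst, proto, dport = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(dport)

def is_expected(dst, proto, dport):
    """Traffic to the scanner is fine on any port; DHCP/DNS only on their service ports."""
    return dst == SCANNER or (dst, proto, dport) in ALLOWED_SERVICES

def suspicious_hosts(flow_text):
    """Map each jailed host to the unexpected flows it originated."""
    hits = defaultdict(list)
    for line in flow_text.strip().splitlines():
        src, dst, proto, dport = parse_flow(line)
        # Only traffic originated by jailed clients matters; skip the scanner's own probes.
        if src not in JAIL_NET or src == SCANNER:
            continue
        if not is_expected(dst, proto, dport):
            hits[str(src)].append(f"{dst} {proto}/{dport}")
    return dict(hits)

if __name__ == "__main__":
    for host, flows in suspicious_hosts(SAMPLE_FLOWS).items():
        print(host, "->", flows)
```

Matching on the service port as well as the destination catches a host that talks to the DNS server's address on an unrelated port, which an address-only allowlist would miss.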