Educause Security Discussion mailing list archives
Re: Checking for AV software on students' machines
From: "Jason S. Cash" <cash () UDEL EDU>
Date: Thu, 10 Jun 2004 11:22:18 -0400
On Thu, 10 Jun 2004, Steve Schuster wrote: [clipped]
We are currently running into a backlash with respect to policy requiring the registration of all computer systems that are on our network. Can you help me gauge if there are other schools who also require this?
UDel requires dorm computers to be "registered" in that we keep track of macaddr/userid in a database. This system is currently encouraged for the rest of campus, though there are quite a few admin/lab machines that have static addresses given out long ago. The goal is to have all machines registered to a specific owner, admin, department. Many campus admins are actually for this plan so they can register their 'critical' servers. This way we can automate the port shutdown programs to also notify the admin/owner of the machine via email/pager/etc. Jason
Thanks, sjs At 09:12 AM 6/10/2004, you wrote:Thank you for this excellent report from UC Davis. Virginia Tech is making similar plans for network registration and scanning, and we appreciate everyone sharing their experiences. Mary -------------------------------------------- Mary Dunker Secure Enterprise Technology Initiatives Virginia Tech Information Technology 1700 Pratt Drive Blacksburg, VA 24060 (540) 231-9327 FAX: (540) 231-7413 dunker () vt edu -----Original Message----- From: Robert Ono [mailto:raono () UCDAVIS EDU] Sent: Wednesday, June 09, 2004 4:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Checking for AV software on students' machines Jeff, We are in the process of expanding our vulnerability scan that takes place as part of our authentication to campus-wide web-based applications. See http://security.ucdavis.edu/vulnscanrpt.pdf for further information. Let me know if you have any questions. Bob > Nathan- > > I unfortunately don't have an answer to your questions regarding > verification of AV software on client machines, but I was wondering if > you could provide some details on how you accomplished your first goal > - verifying for patches before a student machine is allowed on the network. > > We are currently investigating ways to drop student machines into a > "quarantine" VLAN if they are not up to the latest Windows patches, > but so far have not found an effective way to do that check. Does your > solution require some kind of pre-installed client agent? > > I didn't see anything in a previous thread, but if you've already > answered that question my apologies. Any insight, advice, horror > stories you could provide would be greatly appreciated. > > Thanks, > > Jeff Giacobbe > Director of Systems, Security, and Networking > Montclair State University > > > Nathan Hall wrote: > > Now that we have found a way to check students' machines for missing > > patches before they are allowed on the network, we are looking to expand > > to checking for the presence of updated anti-virus software. This > > requires access to the students' machines, so we are looking at > > using a > > web page with a .NET component to perform the check. A few > > questions: > > > > 1) Is anyone else doing something like this currently? > > 2) How have you implemented this (web page w/ ActiveX/.Net, downloadable > > program...)? > > 3) What do you look for to determine if AV software is present (registry > > entries, services, running processes...)? > > 4) How successful has it been? > > 5) Pitfalls? > > > > Any other input would be appreciated too. Thanks in advance. > > > > Nathan Hall > > System Administrator > > SUNY Oneonta > > Oneonta, NY 13820 > > (607) 436-2708 > > > > ********** > > Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. > > ********** > Participation and subscription information for this EDUCAUSE > Discussion Group discussion list can be found at http://www.educause.edu/cg/. > Robert Ono, CISSP IT Security Coordinator Office of the Vice Provost, Information and Educational Technology UC Davis 530.757.5795 Desk ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.--------------------------------------------------------------------------------------------------------------------- Steve Schuster IT Security Office Cornell University Work -- (607)255-8825 Cell -- (607)351-1386 --------------------------------------------------------------------------------------------------------------------- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
/* Jason S. Cash IT/Network and Systems Services University of Delaware, Newark Delaware e:cash () udel edu v: 302-831-0461 */ ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Checking for AV software on students' machines, (continued)
- Re: Checking for AV software on students' machines Bill Frazier (Jun 10)
- Re: Checking for AV software on students' machines Nathan Hall (Jun 10)
- Re: Checking for AV software on students' machines Dunker, Mary (Jun 10)
- Re: Checking for AV software on students' machines Gibbs, Aaron M. (Jun 10)
- Re: Checking for AV software on students' machines Shawn Kohrman (Jun 10)
- Re: Checking for AV software on students' machines Ariel Silverstone (Jun 10)
- Re: Checking for AV software on students' machines Brian Eckman (Jun 10)
- Re: Checking for AV software on students' machines Jason S. Cash (Jun 10)
- Re: Checking for AV software on students' machines Steve Schuster (Jun 10)
- Re: Checking for AV software on students' machines Cal Frye (Jun 10)
- Re: Checking for AV software on students' machines Jason S. Cash (Jun 10)
- Re: Checking for AV software on students' machines Brian Kaye (Jun 10)