Educause Security Discussion mailing list archives
Re: Endpoint Security/Policy Enforcement Products
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 10 Mar 2005 14:57:38 -0500
We're using Perfigo here but, thus far, only for a registration system. We have not yet implemented the configuration management/network access control piece although several universities have. You might find the archives of the Perfigo list useful:

http://listserv.muohio.edu/archives/perfigo.html

Perfigo has two sets of capabilities in the area under discussion:

1) Nessus network scans. While nice when a client can't be tolerated, network scanners are getting less and less useful without custom desktop firewall rules. And they can't touch a client for depth of inspection, accuracy, and automation capabilities.

2) A client Perfigo called CleanMachines or SmartEnforcer. The client can do some simple checks such as registry values.

My personal opinion on the way to use this is to write WMI scripts that allow full functionality including configuration management and post-infection cleaning when necessary. The client would just call the script and ensure it runs successfully.

Consider the cleanup scripts many wrote after Blaster. Modify the admission script to include Blaster removal, force everyone to re-register, and all your machines are automatically cleaned! Same potential for emergency virus signature updates, spyware removal, firewall configuration, etc.

Taken a little further, you could have it do firewall log inspection and intrusion detection such as checking what programs are opening ports and what programs are listed in the registry Run entries.

Basically you can create/recreate what you may already be using for desktop configuration management (NetWare/domain login scripts, group policies, etc.) with added network access control motivation. What you do or don't do on student machines to manage your network is up to you. :)

The functionality in these devices can be bypassed and corrupted as someone else mentioned. But so can almost anything else. What you have to ask yourself is whether they provide a useful (not infallible) solution to a problem. Are you better off with or without it?

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
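The kind of admission script the message describes (check the registry Run entries and which programs hold listening ports, then report success or failure to the calling client) is sketched below as an added example; it is not code from the original post or from Perfigo. It uses current PowerShell cmdlets in place of the WMI scripts mentioned, and both allowlists are constructed placeholders that a site would replace with its own.

```powershell
# Added example: endpoint posture check run at network admission time.
# Allowlists are constructed placeholders, not a recommended baseline.
$AllowedRunValues = @('ExampleAvTray', 'ExamplePatchAgent')   # hypothetical value names
$AllowedListeners = @('System', 'svchost', 'lsass', 'services', 'wininit')  # illustrative

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntry {
    # Emit one object per autostart value under each Run key that exists.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

function Get-ListenerOwner {
    # Map each listening TCP port to the name of the process that owns it.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Sort-Object OwningProcess, LocalPort -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port    = $_.LocalPort
                Process = if ($proc) { $proc.ProcessName } else { "pid $($_.OwningProcess)" }
            }
        }
}

# @( ) guarantees an array even when neither check produces a finding.
$findings = @(
    Get-RunEntry | Where-Object { $_.Name -notin $AllowedRunValues } |
        ForEach-Object { "Run entry not on allowlist: $($_.Key)\$($_.Name) -> $($_.Command)" }
    Get-ListenerOwner | Where-Object { $_.Process -notin $AllowedListeners } |
        ForEach-Object { "Listener not on allowlist: TCP/$($_.Port) owned by $($_.Process)" }
)

$findings | ForEach-Object { Write-Output $_ }
# The calling client only needs the exit code: 0 = admit, 1 = remediate first.
if ($findings.Count -gt 0) { exit 1 } else { exit 0 }
```

Because the script runs on the machine being assessed, its result is only as trustworthy as that machine, which is the bypass caveat raised in the message; logging the findings centrally lets them be reviewed even when admission is granted.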