Educause Security Discussion mailing list archives
Re: Endpoint Security/Policy Enforcement Products
From: "Wayne J. Hauber" <wjhauber () IASTATE EDU>
Date: Thu, 10 Mar 2005 16:33:02 -0600
At 01:57 PM 3/10/2005, Gary Flynn wrote:
We're using Perfigo here but, thus far, only for a registration system. We have not yet implemented the configuration management/network access control piece although several universities have.
At Iowa State, we wrote our own home-brew system, called Inspector. At registration time, students are required to download the Inspector. It is only resident long enough to perform security checks. It:

1. checks for null passwords and uses a 3,000 word dictionary to check for weak passwords.
2. checks for a couple of key hotfixes, backleveled service packs and no automatic updates
3. checks for presence of AV software, enabled on-access scan, automatic updates of virus definitions, current definitions and a recent on-demand scan.
4. open file shares

In general, Inspector works very well. Though we find that the AV vendors keep changing their record keeping techniques in an effort to baffle those who are doing just what we are doing. Microsoft is having problems detecting AV state for the same reasons.

Our policy makers are deciding just what to do with Inspector. We are trying to decide if clean inspections will become mandatory and if commercial products will replace our Inspector.

With that in mind, I am wondering:

1. Products like Perfigo/Cisco are intended to enforce connection policy.
   * Do you have connection policies? (local passwords, current hotfixes, AV software, etc...)
   * What are they?
   * Do you enforce connection policies with a product of some sort?
   * Do you use a connection management product strictly as an information gathering tool and as an educational tool?
2. Is there a clear leader in the commercial connection management market?
3. Why is it a leader? (I want to compare and contrast it with our Inspector project.)
4. Many commercial connection management tools require installation of an agent. Were you able to justify putting an agent on privately owned student systems?

I firmly believe that connection management is going to be an important part of network security in the very near future. The form connection management will take is not clear. If any of you have thoughts about the questions I've posed, I would appreciate your reactions.
Wayne Hauber (515) 294-9890
Network Information & Microcomputer Network Services
Office of Academic Information Technologies
109 Durham Center, ISU, Ames, Iowa 50011
wjhauber () iastate edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.