Educause Security Discussion mailing list archives
Re: Pre-Scan or Scan-After
From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Tue, 13 Sep 2005 16:36:20 -0400
We have gone with the Cisco Clean Access (CCA) solution which means, technically we are pre-scanning. Some deciding factors were... 1. We had no authentication/authorization for students mechanism before so we had to build something that would handle all the facets (authentication, authorization, quarantine, remediation, notification, etc) 2. CCA updates itself automatically with new dat version requirements, etc so less routine adjustment of what to check for (this has been a bit problematic lately but I am confident it is a "growing pains" issue for Cisco and it will work out in the end) 3. Concern for "taking network access away" after they already have it. With the pre-scan, they never get it until they are compliant 4. Virus/worm propagation timing. Depending on how often and how soon after initial connection you scan, what is the likelihood that infected user A will infect UNinfected but also UNprotected users B through Z? By pre-scanning, the infected user will not be able to infect the others, and the others will be forced to have AV and therefore protect themselves before being exposed to the risk. _________________________ Thank you, Gregory R. Scholz Lead Network Engineer Information Technology Group Keene State College (603)358-2070 _____ From: Tom Neiss [mailto:TNeiss () UAMAIL ALBANY EDU] Sent: Tuesday, September 13, 2005 2:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Pre-Scan or Scan-After We are in the process of deciding on scanning for vulnerabities after connection (having went through the necessary authorization and authentication) to the network opposed to pre-scanning for them. We are seeking best practices of those that have chosen this route. In addition we would like those that chose to pre-scan to share with us why you made that decision. We would appreciate your sharing with us.... If you have chosen to scan-after can you give me a url to you process? Can you share any insight into your arriving at that decision? If you chose to pre-scan, what were your deciding factors? thanks, tn Thomas R. Neiss Director of Telecommunications University at Albany State University of New York 1400 Washington Avenue MSC 209 Albany, NY 12222 tneiss () uamail albany edu (518) 437-3803 (518) 437-3810 (FAX)
Current thread:
- Pre-Scan or Scan-After Tom Neiss (Sep 13)
- <Possible follow-ups>
- Re: Pre-Scan or Scan-After Sarah Stevens (Sep 13)
- Re: Pre-Scan or Scan-After Scholz, Greg (Sep 13)
- Re: Pre-Scan or Scan-After Chad McDonald (Sep 14)