Educause Security Discussion mailing list archives

Re: Pre-Scan or Scan-After


From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Tue, 13 Sep 2005 16:36:20 -0400

We have gone with the Cisco Clean Access (CCA) solution, which means,
technically, we are pre-scanning.  Some deciding factors were...

1. We had no authentication/authorization mechanism for students
before, so we had to build something that would handle all the facets
(authentication, authorization, quarantine, remediation, notification,
etc.)
2. CCA updates itself automatically with new dat version
requirements, etc., so less routine adjustment of what to check for (this
has been a bit problematic lately but I am confident it is a "growing
pains" issue for Cisco and it will work out in the end)
3. Concern for "taking network access away" after they already have
it.  With the pre-scan, they never get it until they are compliant.
4. Virus/worm propagation timing.  Depending on how often and how
soon after initial connection you scan, what is the likelihood that
infected user A will infect UNinfected but also UNprotected users B
through Z?  By pre-scanning, the infected user will not be able to
infect the others, and the others will be forced to have AV and
therefore protect themselves before being exposed to the risk.

 

_________________________

Thank you,

Gregory R. Scholz

Lead Network Engineer

Information Technology Group

Keene State College

(603)358-2070

 

  _____  

From: Tom Neiss [mailto:TNeiss () UAMAIL ALBANY EDU] 
Sent: Tuesday, September 13, 2005 2:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Pre-Scan or Scan-After

 

We are in the process of deciding on scanning for vulnerabilities after
connection (having gone through the necessary authorization and
authentication) to the network as opposed to pre-scanning for them.  We are
seeking best practices of those that have chosen this route.  In
addition we would like those that chose to pre-scan to share with us why
you made that decision.

We would appreciate your sharing with us.... 

If you have chosen to scan-after, can you give me a URL to your process?
Can you share any insight into your arriving at that decision?
If you chose to pre-scan, what were your deciding factors?
Thanks,
tn

Thomas R. Neiss 
Director of Telecommunications 
University at Albany 
State University of New York 
1400 Washington Avenue MSC 209 
Albany, NY 12222 
tneiss () uamail albany edu 
(518) 437-3803 
(518) 437-3810 (FAX) 

