Educause Security Discussion mailing list archives
Re: Windows Updates and Cisco Clean Access
From: Information Security <infosecurity () UTPA EDU>
Date: Thu, 14 Jul 2005 14:50:50 -0500
Charlie Prothero wrote:
Martin, We have the same product, and I think we got around this by allowing 8 minutes of network access for machines that fail scanning. This gives enough time to download OS & AV updates before the system kills the connection, necessitating a reboot or re-login (sorry, I can't recall the specifics).
Wow. 8 minutes. That's about half the time it takes for a virus to spread around the entire world. Given the likelihood that a machine which failed scanning is already infected, that's more of a risk than I would be willing to take. I hope at least that the only facilities you open to them during that window are (ftp|http(s)) or whatever it is that M$ uses to send their patches over. So how is CCS working out for people? We tried it under the Perfigo incarnation a couple of years ago and it had so many rough edges that our conclusion was that it was alpha software that only existed in order to make Perfigo an aquisition target for a larger company ;-) Be interesting to see if Cisco have added any polish to it. The sort of giveaway indication that told me the product was not quite there yet were things like how their main process ran in a busy/wait loop rather than using sleep or select to wait for data on the ether interface. The system *always* ran with a load average > 1.0 ... Having said that I have to give them credit that it has some really nice features. I think that Cisco did the right thing aquiring them and that a combined product with Airespace will be worth looking forward to. G
Current thread:
- Windows Updates and Cisco Clean Access Flagg, Martin D. (Jul 14)
- <Possible follow-ups>
- Re: Windows Updates and Cisco Clean Access Charlie Prothero (Jul 14)
- Re: Windows Updates and Cisco Clean Access Michael Grinnell (Jul 14)
- Re: Windows Updates and Cisco Clean Access Jim Lawson (Jul 14)
- Re: Windows Updates and Cisco Clean Access Franklin, Elliott (Jul 14)
- Re: Windows Updates and Cisco Clean Access Information Security (Jul 14)
- Re: Windows Updates and Cisco Clean Access Flagg, Martin D. (Jul 15)
- Re: Windows Updates and Cisco Clean Access Lee Weers (Jul 15)
- Re: Windows Updates and Cisco Clean Access Richard Gambrell (Jul 15)
- Re: Windows Updates and Cisco Clean Access Atif Azim (atif) (Jul 15)
- Re: Windows Updates and Cisco Clean Access Mike Wiseman (Jul 18)