Educause Security Discussion mailing list archives

Re: Vulnerability Assessment Requirements

From: George <george.russ () CITADEL EDU>
Date: Thu, 21 Jul 2005 13:39:22 -0400

Do you allow a grace period.

No grace period for first time registration



Do you require that new updates and virus definitions are necessary as soon
as they become available?

Yes, done automatically



To get on the "real" network we require:

SP2 and current on MS critical updates

No Norton AV products (interferes with Symantec)

Symantec AV Corporate 10.0, settings virtually locked down

"Completed" Symantec scan of entire local root drive

MS AntiSpyware

MS FW on

Patch management SW installed(Patchlink agent)

MS updates set for automatic DL and install

Other minor configurations to IE, registry, etc.



George



---------------------------------------------------------------

George Russ                       ITS/Network Support Services

The Citadel                       Charleston SC 29409

---------------------------------------------------------------



  _____

From: Brown, Christopher [mailto:cebrown () REGIS EDU]
Sent: Thursday, July 21, 2005 11:32 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Assessment Requirements



Greetings,



I am throwing this question out there to schools who have implemented a
vulnerability assessment solution such as CCA, Impulse Point, or Campus
Manager.  (Note, I am not trying to start a debate on one versus the other.)
We are working to get CCA ready for our students this fall and I was
wondering what other schools have decided upon regarding the requirements
they are imposing on their student's PCs.  With CCA you can check for a lot
of things: service packs, Microsoft updates, existence of anti-virus
software, the age of antivirus definition, installed programs, a missing
installed program, etc.  I am curious to find out what requirements other
schools have used?  Do you allow a grace period or do you require that new
updates and virus definitions are necessary as soon as they become
available?



Thanks in advance,

Chris Brown

Information Technology Services

Network/Telecom Administrator

Regis University, Denver CO

Current thread:

Vulnerability Assessment Requirements Brown, Christopher (Jul 21)
- <Possible follow-ups>
- Re: Vulnerability Assessment Requirements George (Jul 21)
- Re: Vulnerability Assessment Requirements Michael Grinnell (Jul 21)
- Re: Vulnerability Assessment Requirements Hall, Rand (Jul 21)
- Re: Vulnerability Assessment Requirements George (Jul 21)
- Re: Vulnerability Assessment Requirements Mike Wiseman (Jul 22)
- Re: Vulnerability Assessment Requirements Franklin, Elliott (Jul 25)