Re: Vulnerability Assessment Requirements

["Franklin, Elliott" <franklin () TXSTATE EDU>]

At Texas State University - San Marcos we apply the default CCA rule for
windows update and McAfee 8.0i and do not allow a grace period.  We
apply these rules only to Windows 2000 workstations and above.  The only
problem that we've experience with this is that our on-campus update
servers were not updated as quickly as the CCA rules so we had to change
their intervals.

 

Elliott Franklin, CISSP

Information Security Analyst

Texas State University - San Marcos

512.245.2501

 

________________________________

From: Brown, Christopher [mailto:cebrown () REGIS EDU] 
Sent: Thursday, July 21, 2005 11:32 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Assessment Requirements

 

Greetings,

 

I am throwing this question out there to schools who have implemented a
vulnerability assessment solution such as CCA, Impulse Point, or Campus
Manager.  (Note, I am not trying to start a debate on one versus the
other.)  We are working to get CCA ready for our students this fall and
I was wondering what other schools have decided upon regarding the
requirements they are imposing on their student's PCs.  With CCA you can
check for a lot of things: service packs, Microsoft updates, existence
of anti-virus software, the age of antivirus definition, installed
programs, a missing installed program, etc.  I am curious to find out
what requirements other schools have used?  Do you allow a grace period
or do you require that new updates and virus definitions are necessary
as soon as they become available?  

 

Thanks in advance,

Chris Brown

Information Technology Services

Network/Telecom Administrator

Regis University, Denver CO