Re: Checking for old web browsers and media plugins

[Bob Bayn <bob.bayn () USU EDU>]

Dean De Beer replied:
> Actually, I'm doing something similar right now. We have a series of
> scripts that collect browser, OS and plugin info and write that data to
> a database. The scripts are embedded on our NAC portal page which
> requires the student to register/authenticate. This way we are able to
> map that information back to a MAC address and student ID. When we see
> any driveby website traffic we can determine if the user would have been
> infected or not based on their current plugins/patches. Not ideal but
> it's better than trying to report on every device as potentially
> infected. We are looking to add this to our intranet page that opens up
> on all staff workstations as the browser homepage.
>
> /dean

after I wrote:
>   We've seen some drive-by compromises here lately.  We run weekly
>   Nessus scans every week against all of our active IPs but those
>   scans don't discover things like old web browsers or missing updates
>   on various media plugins.  We are wondering if it would be
>   productive to put some detection and reporting of obsolete browser
>   or media plugins into some of our commonly used local web pages
>   access to our CMS or ERP) so we can encourage some updating before
>   the drive-by events happen.  Is anybody doing this or considering it?


Thanks, Dean.  That's similar to the route we're trying to pursue.  The other two
suggestions (Nessus with windows credentials and Secunia PSI) are good 
ideas but don't hit all the target groups that we want - including Macintoshes and
linux boxes, many owned by students and independently "managed".  Many of our
office client boxes are managed with LanDesk so we have the update situation
under control there. 

Bob Bayn     (435)797-2396     Security Team coordinator
"IT will NEVER ask for your password via email, honest!"
Office of Information Technology at Utah State University