Re: Vetting New Devices

["Hahues, Sven" <shahues () FGCU EDU>]

Bill,

We still check all newly connecting student computers for AV software and some version of the operating system using 
our NAC (Bradford).  They have an agent that can be permanently installed or run once to check for the software the 
students should have.

To get through the crunch of new registrations for Fall move in, we ask students to check their computers against our 
system ahead of time (there is a website they can download the run once client), and we schedule sessions that the 
students can attend during move in week where our helpdesk staff assists up to 30 students at a time.

In the past with Windows XP we used to have a lot of calls because students did not have anti malware software, but 
since windows 7 and windows 8 have built in security software this has gotten much less of an issue for Windows users, 
and actually we now have more Mac users who have to come in because they don't have AV software.

The biggest reason we go through all this is to register the device to the student so we know later on who devices 
belonged to if we have any weird problems with the computers.

Hope that helps!

Sven

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frazier, 
William S [ITSYS]
Sent: Monday, April 1, 2013 3:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vetting New Devices

We have for several years required newly connecting student Pcs to be checked using a locally developed program.  The 
product had the drawback that it was Windows specific.  On the other hand, most by far of the incoming devices were 
Windows.  Now, the other device types are increasing.  Also, AV products are flagging our test program and some of the 
vendors will not even consider whitelisting it.

We're faced with redeveloping, discontinuing, or purchasing.There is the issue of diminishing returns.  Microsoft has 
gotten much better about discouraging the sorts of user behavior we tended to catch (open file shares, null passwords, 
...).

Are you doing any kind of vetting against newly connected non-guest devices?  If so what tools are you using?  Also, if 
you are vetting, are there particular steps to accommodate the great check-in crunch at the start of major terms?

Thanks for any insights,
Bill
------------------------------------------------------------------
William Frazier                         frazier () iastate edu
     voice: (515) 294-8620
Iowa State University              fax:   (515) 294-1717
Information Technology Services, 251 Durham, Ames, Iowa 50011-2251



________________________________

Never give out your username or password to anyone. This includes any accounts you have such as: FGCU, bank and credit 
card accounts, and other personal accounts.