funsec mailing list archives

Re: so, is I[dp]S a STUPID technology?


From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 13 Oct 2005 09:47:29 -0500

--On Wednesday, October 12, 2005 21:57:54 -0600 Dude <dudevanwinkle () gmail com> wrote:

We provided the option of patch management to the students and not many
refused the service.

We've discussed it (actually I've raised the issue repeatedly), but management doesn't want to go there.

Students want to keep their machines safe as well, most just don't know
how.

I'll agree with that!

Agent-based stuff has worked really well for me. Patchlink has done a
bang-up job in my previous .edu domain. Haven't been hit by any of the
werms. The agents do a client pull every 15 min from the server over
SSL. Report if they fail x amount of times.

We haven't had any problems with worms in quite some time. Sheer luck I guess. ;-)

As far as scanning them goes, http://infosec.yorku.ca/tools/ has a
scanner that did 4 class B's in under 15 min, (ask J. Glass:) it doesn't
check for everything, but you might get it to at least scan for the SANS
top 20 in that time with some trial and error.

Thanks. I'll check that out. I haven't mentioned this in previous posts, but one of the problems that I've had with va scanners is boatloads of false positives. For example, GFI Languard works quite well *if* you have local admin on the box. (We don't.) If not, it's prone to false positives. When you have to chase down fps on hundreds of boxes, you very quickly find something else to do and the va scanner becomes a boat anchor.

Nessus has the same problem. Can't tell you about ISS because it's never worked well enough to determine if it generates fps (except for the one that we reported that they swore up and down didn't exist until they were able to replicate it.)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

