[unisog] Computer Registration

Gary Flynn flynngn at jmu.edu
Wed Jun 5 18:20:07 GMT 2002


Bryan McLaughlin wrote:
> 
> Has anyone had success with a product or technique for registering computer 
> before granting access University resources?  We spend a lot of time tracking 
> down the owner of infected or compromised computers. I would like to be able 
> to easily identify the owner/location of most machines on the network, including 
> roaming student laptops.  How do others handle this situation.

Last week we completed our registration process for the entire campus. We 
rolled our own implementation. Unregistered machines are given a restricted 
IP address and name server via DHCP where every DNS resolution points to 
the registration page. Certainly not meant for security like a vlan/802.1x 
implementation would be but it serves its purpose....instant access to a 
database containing the registered user for any IP address, machine 
location, phone number, and machine type.

Its particularly helpful in the student residence areas that have been
registered since last fall.

I believe a lot of universities are using the NetReg product mentioned by
Simon in their student residence network programs. I'm not sure of the
reasons we didn't go in that direction.

One of the immediate benefits it enables is the ability to automate
notifications of vulnerabilities detected by our vulnerability scanner 
and virus infections detected by our mail server.

It also enables those roaming laptops to plug-in anywhere without a
network reconfiguration due to its associated implementation of
DHCP.

Probably the hardest part of the field work was identifying nodes 
requiring fixed IP addresses. They had a habit of popping out of the 
woodwork.

We're now trying to decide on how often the re-registration needs to 
take place and how best to accomplish it.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



More information about the unisog mailing list