[unisog] Automated vulnerability tests upon host to network
allen at rescomp.berkeley.edu
Thu May 15 17:20:09 GMT 2003
Hmm...that gives me some good ideas. We're in the middle of implementing a
captive portal registration system. When the user first plugs into the
network, they are tossed to a secure vlan that only allows access to
certain web sites.
I'm thinking that we could toss in some scanning while they're on the
Of course, that also brings up a problem with dangerous assumptions...that
once a computer is "secure" it's forever considered secure and never
scanned. This, of course, is never the case.
Network Security Coordinator
On Thu, 15 May 2003 Valdis.Kletnieks at vt.edu wrote:
> Now if you have the technical clue and hardware to back it up, *this* would
> be an interesting scenario:
> 1) When a new MAC/IP address is seen, you by default block it at the router
> level, so it can't be seen or talk to hosts off the subnet - with punchouts
> for the local DNS server and a local server that mirrors MS, RedHat, etc
> 2) Once patched off your local server, the admin visits a local webpage that
> kicks off a vulnerability scan.
> 3) Once it passes the scan, the passing report causes more router magic that
> then lets the box talk to the rest of the net.
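Added example, not code from this thread or its participants: a small Python model of the three-step gating Valdis describes (default block, punchouts for DNS and a local patch mirror, release on a clean scan), with the re-scan expiry the reply above argues for so that a host is never treated as secure forever. Addresses, service ports, the TTL and the scan findings are all assumed sample values.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed local services reachable from quarantine: DNS and the patch mirror.
PUNCHOUTS = ("192.0.2.53:udp/53", "192.0.2.80:tcp/80")
SCAN_TTL_HOURS = 24 * 7  # assumed: a pass older than a week no longer counts


@dataclass
class Host:
    mac: str
    ip: str
    last_pass: Optional[float] = None  # simulated clock (hours) of last passing scan


class Gatekeeper:
    """Tracks MAC/IP pairs and decides what the router should allow for each."""

    def __init__(self):
        self.hosts: dict[str, Host] = {}

    def seen(self, mac: str, ip: str) -> Host:
        # Step 1: a new MAC/IP pair starts quarantined (no passing scan on record).
        host = self.hosts.get(mac)
        if host is None or host.ip != ip:  # new host, or it changed address
            host = Host(mac, ip)
            self.hosts[mac] = host
        return host

    def scan_result(self, mac: str, findings: list, now: float) -> bool:
        # Steps 2-3: only a clean report (no findings) releases the host;
        # a failing scan revokes any earlier pass.
        host = self.hosts[mac]
        host.last_pass = now if not findings else None
        return host.last_pass is not None

    def state(self, mac: str, now: float) -> str:
        # The "forever secure" trap: a pass older than the TTL expires and
        # drops the host back into quarantine until it is scanned again.
        host = self.hosts[mac]
        if host.last_pass is None or now - host.last_pass > SCAN_TTL_HOURS:
            return "quarantine"
        return "admitted"

    def rules(self, mac: str, now: float) -> list:
        # Router rules for this host: punchouts only while quarantined.
        host = self.hosts[mac]
        if self.state(mac, now) == "admitted":
            return [f"permit {host.ip} any"]
        return [f"permit {host.ip} {dst}" for dst in PUNCHOUTS] + [f"deny {host.ip} any"]
```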