[unisog] Automated vulnerability tests upon host to network attachment

Allen Chang allen at rescomp.berkeley.edu
Thu May 15 17:20:09 GMT 2003


Hmm...that gives me some good ideas. We're in the middle of implementing a
captive portal registration system. When the user first plugs into the
network, they are tossed to a secure vlan that only allows access to
certain web sites.

I'm thinking that we could toss in some scanning while they're on the
secure vlan.

Of course, that also brings up a problem with dangerous assumptions...that
once a computer is "secure" it's forever considered secure and never
scanned. This, of course, is never the case.

@llen
Network Security Coordinator
Residential Computing
UC Berkeley


On Thu, 15 May 2003 Valdis.Kletnieks at vt.edu wrote:

> Now if you have the technical clue and hardware to back it up, *this* would
> be an interesting scenario:
>
> 1) When a new MAC/IP address is seen, you by default block it at the router
> level, so it can't be seen or talk to hosts off the subnet - with punchouts
> for the local DNS server and a local server that mirrors MS, RedHat, etc
> patches.
>
> 2) Once patched off your local server, the admin visits a local webpage that
> kicks off a vulnerability scan.
>
> 3) Once it passes the scan, the passing report causes more router magic that
> then lets the box talk to the rest of the net.
>
>
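The three-step admission flow quoted above (block unknown MAC/IP by default with punchouts for DNS and a local patch mirror, kick off a scan from a local web page, open the router only on a passing report), combined with the point that a passing scan should not be treated as permanent, can be sketched as a small state machine. The following is an added illustration, not code from this thread or from any product the posters used; the addresses, the pseudo-ACL wording and the one-week re-scan interval are assumptions chosen for the example.

```python
"""Admission-control state machine for newly seen hosts (constructed example)."""
from dataclasses import dataclass
from typing import Callable, List, Optional
import time

# Assumed subnet services that stay reachable while a host is quarantined.
DNS_SERVER = "10.0.0.53"          # hypothetical local DNS resolver
PATCH_MIRROR = "10.0.0.80"        # hypothetical local mirror of vendor patches
SCAN_PORTAL = "10.0.0.81"         # hypothetical web page that kicks off the scan
RESCAN_INTERVAL = 7 * 24 * 3600   # assumed: a pass is good for one week, not forever

QUARANTINE = "quarantine"   # step 1: blocked at the router except for punchouts
SCANNING = "scanning"       # step 2: scan kicked off from the local web page
ADMITTED = "admitted"       # step 3: passing report opened the router


@dataclass
class Host:
    mac: str
    ip: str
    state: str = QUARANTINE
    last_pass: Optional[float] = None


class AdmissionController:
    def __init__(self, now: Callable[[], float] = time.time):
        self.hosts = {}   # mac -> Host
        self.now = now    # injectable clock so expiry can be tested offline

    def see(self, mac: str, ip: str) -> Host:
        """Step 1: a MAC/IP never seen before defaults to the quarantine state."""
        host = self.hosts.get(mac)
        if host is None:
            host = Host(mac, ip)
            self.hosts[mac] = host
        elif host.ip != ip:
            host.ip = ip  # same box, new address: keep its state, retarget the ACL
        return host

    def start_scan(self, mac: str) -> Host:
        """Step 2: the admin visits the local page and a vulnerability scan starts."""
        host = self.hosts[mac]
        host.state = SCANNING
        return host

    def report(self, mac: str, findings: List[str]) -> str:
        """Step 3: an empty findings list passes; anything else returns to quarantine."""
        host = self.hosts[mac]
        if findings:
            host.state = QUARANTINE
            host.last_pass = None
        else:
            host.state = ADMITTED
            host.last_pass = self.now()
        return host.state

    def expire(self) -> List[str]:
        """Guard against 'once secure, forever secure': re-quarantine stale passes."""
        stale = []
        for host in self.hosts.values():
            if host.state == ADMITTED and self.now() - host.last_pass > RESCAN_INTERVAL:
                host.state = QUARANTINE
                stale.append(host.mac)
        return stale

    def acl(self, mac: str) -> List[str]:
        """Router rules implied by the host's state (pseudo-ACL, not a vendor syntax)."""
        host = self.hosts[mac]
        if host.state == ADMITTED:
            return [f"permit ip {host.ip} any"]
        # Quarantined or scanning: only DNS, the patch mirror and the scan portal.
        return [
            f"permit udp {host.ip} {DNS_SERVER} 53",
            f"permit tcp {host.ip} {PATCH_MIRROR} 80",
            f"permit tcp {host.ip} {PATCH_MIRROR} 443",
            f"permit tcp {host.ip} {SCAN_PORTAL} 443",
            f"deny ip {host.ip} any",
        ]


if __name__ == "__main__":
    # Constructed walk-through of one host going through all three steps.
    ctrl = AdmissionController()
    host = ctrl.see("00:11:22:33:44:55", "10.0.1.7")
    print(host.state, ctrl.acl(host.mac))
    ctrl.start_scan(host.mac)
    print(ctrl.report(host.mac, []), ctrl.acl(host.mac))
```

The `expire()` method is what turns the quoted design into a policy rather than a one-off: without it, a host admitted on day one keeps its open ACL indefinitely, which is exactly the assumption the post warns against. In practice the controller's `acl()` output would be translated into the router's own ACL or VLAN assignment; here it is kept as plain strings so the state transitions can be exercised on their own.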


