[unisog] Automated vulnerability tests upon host to network attachment

Christopher A Bongaarts cab at tc.umn.edu
Thu May 15 20:07:11 GMT 2003


As Allen Chang once put it so eloquently:

> Hmm...that gives me some good ideas. We're in the middle of implementing a
> captive portal registration system. When the user first plugs into the
> network, they are tossed to a secure vlan that only allows access to
> certain web sites.
> 
> I'm thinking that we could toss in some scanning while they're on the
> secure vlan.
> 
> Of course, that also brings up a problem with dangerous assumptions...that
> once a computer is "secure" it's forever considered secure and never
> scanned. This, of course, is never the case.

This also brings up questions of the legality of scanning computers
that may not belong to your school (i.e. visiting faculty/students).
Granted, you can probably say "if you connect to our network we can do 
what we want to you", but perhaps there needs to be some notice or
opt-out mechanism (choose (1) scan me or (2) disconnect me).  I
wonder if you could print an AUP tiny enough to fit on a standard wall 
jack cover...

%%  Christopher A. Bongaarts  %%  cab at tc.umn.edu       %%
%%  Internet Services         %%  http://umn.edu/~cab  %%
%%  University of Minnesota   %%  +1 (612) 625-1809    %%


