[unisog] Automated vulnerability tests upon host to network attachment
Christopher A Bongaarts
cab at tc.umn.edu
Thu May 15 20:07:11 GMT 2003
As Allen Chang once put it so eloquently:
> Hmm...that gives me some good ideas. We're in the middle of implementing a
> captive portal registration system. When the user first plugs into the
> network, they are tossed to a secure vlan that only allows access to
> certain web sites.
> I'm thinking that we could toss in some scanning while they're on the
> secure vlan.
> Of course, that also brings up a problem with dangerous assumptions...that
> once a computer is "secure" it's forever considered secure and never
> scanned. This, of course is never the case.
This also brings up questions of the legality of scanning computers
that may not belong to your school (i.e. visiting faculty/students).
Granted, you can probably say "if you connect to our network we can do
what we want to you", but perhaps there needs to be some notice or
opt-out mechanism (choose (1) scan me or (2) discconnect me). I
wonder if you could print an AUP tiny enough to fit on a standard wall
%% Christopher A. Bongaarts %% cab at tc.umn.edu %%
%% Internet Services %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the unisog