[unisog] Automated vulnerability tests upon host to network attachment

Elliot Metsger emetsger at jhu.edu
Thu May 15 20:24:35 GMT 2003



On Thu, 15 May 2003, Christopher A Bongaarts wrote:

> As Allen Chang once put it so eloquently:
>
> > Hmm...that gives me some good ideas. We're in the middle of implementing a
> > captive portal registration system. When the user first plugs into the
> > network, they are tossed to a secure vlan that only allows access to
> > certain web sites.
> >
> > I'm thinking that we could toss in some scanning while they're on the
> > secure vlan.
> >
> > Of course, that also brings up a problem with dangerous assumptions...that
> > once a computer is "secure" it's forever considered secure and never
> > scanned. This, of course, is never the case.
>
> This also brings up questions of the legality of scanning computers
> that may not belong to your school (i.e. visiting faculty/students).
> Granted, you can probably say "if you connect to our network we can do
> what we want to you", but perhaps there needs to be some notice or
> opt-out mechanism (choose (1) scan me or (2) disconnect me).  I
> wonder if you could print an AUP tiny enough to fit on a standard wall
> jack cover...

And what would be the purpose of the scanning?  Would it just be for your knowledge (i.e. you throw the scan
results in a database) or would you allow/deny access based on what ports were open?  Seems like you would ruffle
the feathers of network users for not a lot of gain :)

Elliot


