[unisog] Automated vulnerability tests upon host to network attachment

Gary Flynn flynngn at jmu.edu
Thu May 15 20:41:00 GMT 2003



Elliot Metsger wrote:
>  
> And what would be the purpose of the scanning?  Would it just be for your knowledge (i.e. you throw the scan
> results in a database) or would you allow/deny access based on what ports were open?  Seems like you would ruffle
> the feathers of network users for not a lot of gain :)

Ideally, to deny access if severe vulnerabilities are
present. Since we immediately restrict network access
of any IIS machine discovered to be infected with
Code Red or Nimda, why not do it fifteen minutes
earlier before they connect to the network if the
scanner tells us they're susceptible.

We've found compromised systems with dsniff/ettercap type
tools installed on them letting them sniff across
switch ports. Its no longer a case of individual freedom
and convenience. Its a matter of protecting the other
users on the network from those that can't or won't
safely operate their computer.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



More information about the unisog mailing list