[unisog] Automated vulnerability tests upon host to network attachment

Allen Chang allen at rescomp.berkeley.edu
Fri May 16 18:11:48 GMT 2003


My target audience is the 6,000 students who will be bringing their
computers into the ResHalls in the fall. I'm figuring that doing the blank
password check (if technically feasible) will save much more time in terms
of securing hacked computers than it takes to explain to students why
they can't get on the network.

Allen Chang
Residential Computing
UC Berkeley

On Thu, 15 May 2003 marchany at vt.edu wrote:

> One thing we need to remember is who the target audience is.
>
> The recipients of this auto scan thing will more than likely be people who a)
> have no idea what the report means b) don't care what the report means c)
> have some clue what the report means but don't know how to fix the problems.
>
> So, in keeping with the "never present a problem w/o providing a solution"
> strategy, the hard part of this project isn't the scanning pieces. It's
> showing the user HOW to make the necessary changes. I don't see the benefit of
> this service to a dept that has a reasonably skilled sysadmin. They already
> know how to run a scanner and fix the problem. For those sysadmins who aren't
> motivated to implement the changes, the scanner service doesn't buy anything.
>
> I think the target audience is the clueless wonder crowd and telling them that
> they have a vulnerability with the SQL account means diddly to them. I believe
> the focus should be on developing a mechanism that takes the vulnerability
> findings and translates that to a) a program that will correct the
> deficiencies b) a list of steps that the person has to perform c) both a) and
> b)
>
> Just my .02.
>
> 	-r.