[unisog] Automated vulnerability tests upon host to network attachment

Gary Flynn flynngn at jmu.edu
Fri May 16 14:55:57 GMT 2003

Elliot Metsger wrote:

>On Thu, 15 May 2003, Gary Flynn wrote:
>>Elliot Metsger wrote:
>>>And what would be the purpose of the scanning?  Would it just be for your knowledge (i.e. you throw the scan
>>>results in a database) or would you allow/deny access based on what ports were open?  Seems like you would ruffle
>>>the feathers of network users for not a lot of gain :)
>>Ideally, to deny access if severe vulnerabilities are
>>present. Since we immediately restrict network access
>>of any IIS machine discovered to be infected with
>>Code Red or Nimda, why not do it fifteen minutes
>>earlier before they connect to the network if the
>>scanner tells us they're susceptible.
>I understand that ... I guess as long as the support is there for the user when they come to the help desk
>wondering why they can't get onto the network ...
In the case of the vulnerability scan upon connection suggestion, the
registration web page could explain the problem to the user as the problem
occurs. It would be a learning process just like the registration process is.
The web page/scanner could send email, provide links to solutions and patches,
etc.

Procedures may be different for faculty/staff computers and student computers.
As someone else pointed out, faculty/staff computers are usually associated with
some type of support organization. Student owned computers in residence halls,
while they may have access to a helpdesk, have less resources available to them.
Automating the vulnerability scanning may be most beneficial in those student
areas at first.
