[unisog] Automated vulnerability tests upon host to network attachment

Gary Flynn flynngn at jmu.edu
Fri May 16 14:55:57 GMT 2003


Elliot Metsger wrote:

>On Thu, 15 May 2003, Gary Flynn wrote:
>
>>Elliot Metsger wrote:
>>>And what would be the purpose of the scanning?  Would it just be for your knowledge (i.e. you throw the scan
>>>results in a database) or would you allow/deny access based on what ports were open?  Seems like you would ruffle
>>>the feathers of network users for not a lot of gain :)
>>Ideally, to deny access if severe vulnerabilities are
>>present. Since we immediately restrict network access
>>of any IIS machine discovered to be infected with
>>Code Red or Nimda, why not do it fifteen minutes
>>earlier before they connect to the network if the
>>scanner tells us they're susceptible.
>
>I understand that ... I guess as long as the support is there for the user when they come to the help desk
>wondering why they can't get onto the network ...
>
In the case of the vulnerability scan upon connection suggestion, the
registration web page could explain the problem to the user as the problem
occurs. It would be a learning process just like the registration process
is. The web page/scanner could send email, provide links to solutions and
patches, etc.

Procedures may be different for faculty/staff computers and student
computers. As someone else pointed out, faculty/staff computers are usually
associated with some type of support organization. Student owned computers
in residence halls, while they may have access to a helpdesk, have fewer
resources available to them. Automating the vulnerability scanning may be
most beneficial in those student areas at first.
