[unisog] netreg

Reg Quinton reggers at ist.uwaterloo.ca
Thu Oct 23 19:11:21 GMT 2003


> Has anyone modified netreg so that it is invisible to the user?  Machine
> comes up, gets scanned if clean go onto net if not goes to patches web
> site?

My problem with this idea is it requires that the machine not be hardened
so that I can determine if it's ok. The client has to have his pants down
and that's bad in the first place. I'm always encouraging people to harden
their systems -- run ICF so I can't scan your services, if you must run
services disable the NULL session so I can't determine your patch level,
etc.

If a machine is hardened, and shouldn't they all be?, then you cannot
determine if it's clean or not.

The only good way to determine that a machine is clean is to run some
program on the machine itself. You can't determine that it's clean by
looking from the outside in.



