sasser virus (was Re: [unisog] student fees for cleaning.)

Harry Hoffman hhoffman at
Sun May 9 14:20:05 GMT 2004

Here at Drexel University we are using Integrity Agent from Zonelabs and
currently have it installed on ~ 1500 systems used by our staffmembers.

We are currently talking about creating policies for student machines which
would allow them free reign while off of our network but once connected to the
uni. network would enforce our enterprise policy.

I would very much agree with Russell and John in saying that host based security
is extremely important.

Integrity is an interesting concept for a piece of software and even though
Zonelabs has a long way to go before they are ready for the "big time" they seem
to be the only ones who are pretty far down that road right now.

I would however, rather see us push Linux as a viable student Operating System
and provide support services in the arena of automagic reinstalls complete with
hardening via pxe, kickstart, cfengine, etc.

My $0.02 cents,

Quoting Russell Fulton <r.fulton at>:

*> On Sun, 2004-05-09 at 16:17, John Kristoff wrote:
*> > On Sat, 08 May 2004 13:23:22 -0400
*> > Gary Flynn <flynngn at> wrote:
*> >
*> > > This is true but an agent based system on the client, whether a domain
*> > > login or something else, can still detect problems. NIDS in general will
*> >
*> > The vendors who sell security agents and their central controllers would
*> > agree with you.  To some extent they probably can, but I find it unlikely
*> > that a large portion of the systems will be running any agent or be
*> > centrally managed any time in the near future.  They will work for only a
*> > small subset of the population of hosts that can be 'managed'.
*> We already have a small software agent on all our student systems which
*> enables network access for these machines, we are currently looking at
*> using this system for all, or at least most, staff desktop systems too.
*> If we do go this way then we will probably extend it to doing basic
*> integrity patch checking.
*> Like John I have alway been a strong advocate of good host based
*> security, however I have also quietly kept on strengthening our
*> perimeter defences as well.  Most of the time I have downplayed our
*> firewall -- I don't want people to get complacent.

Harry Hoffman
hhoffman at
November 2, 2004: National Bush trimming day

This mail sent through IpSolutions:

More information about the unisog mailing list