[unisog] Network Admission Programs

Orlando Richards orlando.richards at ed.ac.uk
Thu May 20 15:50:14 GMT 2004

We have implemented a visual basic script-based system here that does
something similar. On a network connection event to the appropriate
netrange, a series of client and server scans are initiated. If the machine
fails these scans, its network connection is disabled, and the user and
administrators are informed of its failure. 

There's no real reason that this couldn't be ported to *nix shell scripts as
well, if the need arose.

We use hfnetchk to scan for patch levels (doing a "baseline" scan), check
the virus definition versions, run an nmap scan, and so on. 

The code is not in any publishable form (consider it in early alpha stages),
but it meets our needs well enough. We use it to keep our network safe from
nasty roaming laptops. 

If anyone wishes to discuss the details of our system further, please feel
free to contact me directly.

    Dr Orlando Richards
     Computing Officer
     School of Physics
   University of Edinburgh
           EH9 3JZ
     Tel: 0131 650 7407


> -----Original Message-----
> From: unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] On Behalf Of Terry Cavender
> Sent: 17 May 2004 23:24
> To: unisog at lists.sans.org
> Subject: [unisog] Network Admission Programs 
> CISCO is on the verge of releasing its product
> (<http://www.cisco.com/en/US/netsol/ns466/networking_solutions
> _sub_solution_home.html>)
> that will allow a (windows) machine onto the a network 
> providing that the machine meets 
> certain requirements, such as the anti-virus definitions are 
> up to date and the o/s is 
> adequately patched.
> Does anyone know of a similar commercial product or has 
> anyone rolled their own solution?
> If you have rolled your own solution did you try to determine 
> if the machine was already 
> compromised?  If so I would like to contact for technical details.
> Thanks
> -----------------------------------------------------------------
> Terry Cavender
> Network Security Officer
> Vanderbilt University
> http://www.vanderbilt.edu/its/security
> WK: 615-343-3494 Fx: 615-343-1605
> t.cavender at Vanderbilt.Edu
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list