[unisog] Server based scan for student computers

Andy Druda adruda at wagner.edu
Sun May 15 10:01:10 GMT 2005

Thanks to all who responded to this.

We are looking at a commercial product available for our Alcatel 
switches to handle the actual quarantine (using perhaps nessus as a 
scanner) process.  We are investigating using the same engine to place 
students in the ResNet VLAN in the first place.  The registration front 
end (the web interface) we will write ourselves.  Once quarantined 
students are directed to a web server with files that can help them scan 
and clean their computers but we currently quarantine by hand.

We knew about Perfigo and expect it is costly but if I can get the $$ it 
may be worth it.  Did not know some of the other commercial products 
mentioned.  We had considered nessus for the initial scan but do not 
have a strategy for running it "on demand" when students plug in and are 
sent to the "registration" server.

I will look at a number of things mentioned to be in response to my post 


Fred Portnoy wrote:
> Checking for AV products and current DAT files and Windows updates is one
> phase. Actually checking for current viruses is another phase. How you
> choose to quarantine those who fail one or another part of the test is a
> third phase. The presence of Windows Firewall is a complicating factor. I've
> heard of an open-source thing called PacketFence although I haven't had a
> chance to personally analyze it. Do you already have a
> registration/authentication system in place? Because many available systems
> also do that. Others can work in conjunction with what you're already using.
> Cisco Clean Access is worth a look, as is Bradford, which operates somewhat
> differently. We're getting ready to roll out a product called EPO from
> McAfee to determine the Windows upgrade status and the McAfee AV status. It
> can report on windows, and it can actually force the update of the AV. For
> 'guests' who are not regular campus residents, we're rolling out the Sygate
> On Demand Agent ..... which is to work in conjunction with the Nortel Shasta
> authentication server/gateway, which already handles those chores for our
> residential and wireless networks.
> -f
> -----Original Message-----
> From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
> On Behalf Of Andy Druda
> Sent: Friday, May 13, 2005 12:59 PM
> To: UNIversity Security Operations Group
> Subject: [unisog] Server based scan for student computers
> We are looking to setup a browser-based (at least the entry point) system
> which new student's computers will be directed to until they are registered.
> We want to check for anti-virus software, updates for such, presence of:
> viruses, current patches and other security problems.
> We would rather not have the expense of a commercial product but we are not
> even sure what some of the commercial products actually do so they may even
> be worth some cost.
> Once certified as safe the student will then be led to a registration system
> which will place them in the normal resnet VLAN.
> Can some of you who do this tell me what your using?
> Thanks,
> Andy
> --
> Andy Druda
> Director of Campus Technology
> Wagner College
> Staten Island, New York
> 718 390 3204
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog


Andy Druda
Director of Campus Technology
Wagner College
Staten Island, New York 10301
718 390 3204

More information about the unisog mailing list