[unisog] Server based scan for student computers
r.kerr at cranfield.ac.uk
Mon May 16 08:35:40 GMT 2005
On Fri, 2005-05-13 at 12:59 -0400, Andy Druda wrote:
> We are looking to set up a browser-based (at least the entry point)
> system which new students' computers will be directed to until they are
> registered. We want to check for anti-virus software, updates for such,
> presence of: viruses, current patches and other security problems.
> We would rather not have the expense of a commercial product but we are
> not even sure what some of the commercial products actually do so they
> may even be worth some cost.
> Once certified as safe the student will then be led to a registration
> system which will place them in the normal resnet VLAN.
> Can some of you who do this tell me what you're using?
We're currently testing PacketFence (www.packetfence.org) for this. It
doesn't do VLAN manipulation, but does have several different modes of
operation. It can either be used inline, or passively with ARP spoofing.
If you're really set on VLAN manipulation then you could probably modify
the code to cope with that; it seems relatively well designed and would
serve as a good base for such customisations.
As others have mentioned, checking for the presence of anti-virus and
current patches is difficult for a purely web-based system. You can run
Nessus scans, but they can only check for certain patches and won't work
if the client is firewalled. It's probably possible to use ActiveX in
the registration web page to get a better view of the client, but this
is easy to bypass. Things like Perfigo rely on the user having to
install a client that checks up on patches in order to get access.