[unisog] Server based scan for student computers

Alex Tirdil AJTIRDIL at salisbury.edu
Mon May 16 12:19:04 GMT 2005


Andy,

We (Salisbury University) use a commercial product, Bradford Networks
"Campus Manager".  We are an all-Alcatel shop ourselves (7700, 8800 cores
and 6124/6148/6300 edge switches).  The system can do Nessus scans, has
a client-side ActiveX control (CAT tool) to check for specific Windows
updates, to enforce service pack levels, to enforce OS requirement, to
enforce and run particular spyware scans, to check for existence of an
AV product and to verify that DATs are current.  If a client machine
fails any of these items, they can click the item and are brought to a
page (you design) that lets them download what they need.

Works with multiple VLANs; we have VLANs by building.  Registration VLAN
is 10 (when an unregistered MAC comes on the network, they are switched
from production VLAN to registration VLAN).  Remediation VLAN is 20 in
our case (this is where a client is forced when they fail Nessus scans
or the CAT tool).  I can go on and on, but if you want more details
check out their website:

www.bradfordnetworks.com 

I also have a lot of literature I can email you, so if you are
interested contact me off list and I can hook you up.  If you want to
actually talk about it, I will hook you up with my number.

>>> adruda at wagner.edu 05/15 6:01 AM >>>
Thanks to all who responded to this.

We are looking at a commercial product available for our Alcatel
switches to handle the actual quarantine (using perhaps nessus as a
scanner) process.  We are investigating using the same engine to place
students in the ResNet VLAN in the first place.  The registration front
end (the web interface) we will write ourselves.  Once quarantined,
students are directed to a web server with files that can help them
scan and clean their computers but we currently quarantine by hand.

We knew about Perfigo and expect it is costly but if I can get the $$
it may be worth it.  Did not know some of the other commercial products
mentioned.  We had considered nessus for the initial scan but do not
have a strategy for running it "on demand" when students plug in and
are sent to the "registration" server.

I will look at a number of things mentioned to be in response to my
post here.

Andy

Fred Portnoy wrote:
> Checking for AV products and current DAT files and Windows updates is one
> phase. Actually checking for current viruses is another phase. How you
> choose to quarantine those who fail one or another part of the test is a
> third phase. The presence of Windows Firewall is a complicating factor. I've
> heard of an open-source thing called PacketFence although I haven't had a
> chance to personally analyze it. Do you already have a
> registration/authentication system in place? Because many available systems
> also do that. Others can work in conjunction with what you're already using.
> Cisco Clean Access is worth a look, as is Bradford, which operates somewhat
> differently. We're getting ready to roll out a product called EPO from
> McAfee to determine the Windows upgrade status and the McAfee AV status. It
> can report on Windows, and it can actually force the update of the AV. For
> 'guests' who are not regular campus residents, we're rolling out the Sygate
> On Demand Agent ..... which is to work in conjunction with the Nortel Shasta
> authentication server/gateway, which already handles those chores for our
> residential and wireless networks.
> 
> -f
> 
> -----Original Message-----
> From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
> On Behalf Of Andy Druda
> Sent: Friday, May 13, 2005 12:59 PM
> To: UNIversity Security Operations Group
> Subject: [unisog] Server based scan for student computers
> 
> We are looking to set up a browser-based (at least the entry point) system
> which new students' computers will be directed to until they are registered.
> We want to check for anti-virus software, updates for such, presence of:
> viruses, current patches and other security problems.
> 
> We would rather not have the expense of a commercial product but we are not
> even sure what some of the commercial products actually do so they may even
> be worth some cost.
> 
> Once certified as safe the student will then be led to a registration system
> which will place them in the normal resnet VLAN.
> 
> Can some of you who do this tell me what you're using?
> 
> Thanks,
> 
> Andy
> 
> --
> Andy Druda
> Director of Campus Technology
> Wagner College
> Staten Island, New York
> 718 390 3204
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org 
> http://www.dshield.org/mailman/listinfo/unisog 

-- 
Andy Druda
Director of Campus Technology
Wagner College
Staten Island, New York 10301
718 390 3204