[unisog] Server based scan for student computers

Alex Tirdil AJTIRDIL at salisbury.edu
Mon May 16 12:19:04 GMT 2005


We (Salisbury University) use a commercial product, Bradford Networks
"Campus Manager".  We are an all-Alcatel shop ourselves (7700/8800 cores
and 6124/6148/6300 edge switches).  The system can do Nessus scans, has
a client-side ActiveX control (CAT tool) to check for specific Windows
updates, to enforce service pack levels, to enforce OS requirements, to
enforce and run particular spyware scans, to check for the existence of an
AV product and to verify that DATs are current.  If a client machine
fails any of these items, they can click the item and are brought to a
page (you design) that lets them download what they need.

Works with multiple VLANs; we have VLANs by building.  The Registration VLAN
is 10 (when an unregistered MAC comes on the network, it is switched
from the production VLAN to the registration VLAN).  The Remediation VLAN is 20 in
our case (this is where a client is forced when it fails the Nessus scans
or the CAT tool).  I can go on and on, but if you want more details
check out their website:


I also have a lot of literature I can email you, so if you are
interested contact me off list and I can hook you up.  If you want to
actually talk about it, I will hook you up with my number.

>>> adruda at wagner.edu 05/15 6:01 AM >>>
Thanks to all who responded to this.

We are looking at a commercial product available for our Alcatel
switches to handle the actual quarantine (using perhaps Nessus as a
scanner) process.  We are investigating using the same engine to place
students in the ResNet VLAN in the first place.  The registration front
end (the web interface) we will write ourselves.  Once quarantined,
students are directed to a web server with files that can help them
and clean their computers, but we currently quarantine by hand.

We knew about Perfigo and expect it is costly, but if I can get the $$
it may be worth it.  Did not know some of the other commercial products
mentioned.  We had considered Nessus for the initial scan but do not
have a strategy for running it "on demand" when students plug in and are
sent to the "registration" server.

I will look at a number of things mentioned to be in response to my


Fred Portnoy wrote:
> Checking for AV products and current DAT files and Windows updates is
> phase. Actually checking for current viruses is another phase. How
> choose to quarantine those who fail one or another part of the test is a
> third phase. The presence of Windows Firewall is a complicating factor. I've
> heard of an open-source thing called PacketFence although I haven't had a
> chance to personally analyze it. Do you already have a
> registration/authentication system in place? Because many available
> also do that. Others can work in conjunction with what you're already
> Cisco Clean Access is worth a look, as is Bradford, which operates
> differently. We're getting ready to roll out a product called EPO
> McAfee to determine the Windows upgrade status and the McAfee AV status. It
> can report on Windows, and it can actually force the update of the AV. For
> 'guests' who are not regular campus residents, we're rolling out the
> On Demand Agent ..... which is to work in conjunction with the Nortel
> authentication server/gateway, which already handles those chores for
> residential and wireless networks.
> -f
> -----Original Message-----
> From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
> On Behalf Of Andy Druda
> Sent: Friday, May 13, 2005 12:59 PM
> To: UNIversity Security Operations Group
> Subject: [unisog] Server based scan for student computers
> We are looking to set up a browser-based (at least the entry point)
> which new students' computers will be directed to until they are
> We want to check for anti-virus software, updates for such, presence
> viruses, current patches and other security problems.
> We would rather not have the expense of a commercial product but we are not
> even sure what some of the commercial products actually do so they may even
> be worth some cost.
> Once certified as safe the student will then be led to a registration
> which will place them in the normal resnet VLAN.
> Can some of you who do this tell me what you're using?
> Thanks,
> Andy
> --
> Andy Druda
> Director of Campus Technology
> Wagner College
> Staten Island, New York
> 718 390 3204
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org 
> http://www.dshield.org/mailman/listinfo/unisog 


Andy Druda
Director of Campus Technology
Wagner College
Staten Island, New York 10301
718 390 3204
unisog mailing list
unisog at lists.sans.org 
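Editor's note: the VLAN flow Alex describes above (unregistered MAC goes to registration VLAN 10; a registered client that fails the Nessus scan or the CAT tool checks goes to remediation VLAN 20, with one download page per failed item) is easy to get subtly wrong in a home-grown front end of the kind Andy plans to write. The block below is an added example, not code from this thread, from Bradford Networks or from any product mentioned; the production VLAN number, the minimum service pack table, the update identifiers, the DAT age limit, the remediation URLs and the sample client reports are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set

# VLAN numbers: 10 and 20 are the values given in the thread; 100 is assumed.
PRODUCTION_VLAN = 100
REGISTRATION_VLAN = 10
REMEDIATION_VLAN = 20

# Policy inputs (all assumed for this example).
MIN_SERVICE_PACK = {"Windows XP": 2, "Windows 2000": 4}      # allowed OS -> minimum SP
REQUIRED_UPDATES = {"UPDATE-EXAMPLE-1", "UPDATE-EXAMPLE-2"}  # placeholder update IDs
MAX_DAT_AGE = timedelta(days=7)

# One remediation page per check, standing in for the page "you design" (hypothetical URLs).
REMEDIATION_URLS = {
    "register": "https://netreg.example.edu/register",
    "os": "https://fixme.example.edu/os",
    "service_pack": "https://fixme.example.edu/service-pack",
    "antivirus": "https://fixme.example.edu/antivirus",
    "dat": "https://fixme.example.edu/dat-update",
    "updates": "https://fixme.example.edu/windows-update",
}


@dataclass
class AgentReport:
    """What a client-side check (the CAT tool in the thread) would report back."""
    mac: str
    os_name: str
    service_pack: int
    av_installed: bool
    dat_date: Optional[date]                       # None when no AV product is present
    installed_updates: Set[str] = field(default_factory=set)


@dataclass
class Decision:
    vlan: int
    failed: List[str]        # names of failed checks, in evaluation order
    links: Dict[str, str]    # failed check -> page the user can click to fix it


def normalize_mac(mac: str) -> str:
    """Accept 00-1A-2B-3C-4D-5E, 001a.2b3c.4d5e or 00:1a:... and return one canonical
    form, so the registration lookup cannot be dodged by MAC formatting."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def evaluate(report: AgentReport, registered_macs: Set[str], today: date) -> Decision:
    mac = normalize_mac(report.mac)
    if mac not in registered_macs:
        # Unregistered MAC: sent to the registration VLAN before any posture check runs.
        return Decision(REGISTRATION_VLAN, [], {"register": REMEDIATION_URLS["register"]})

    failed: List[str] = []
    min_sp = MIN_SERVICE_PACK.get(report.os_name)
    if min_sp is None:
        failed.append("os")                        # OS not on the allowed list at all
    elif report.service_pack < min_sp:
        failed.append("service_pack")

    if not report.av_installed:
        failed.append("antivirus")                 # no AV: DAT age is meaningless
    elif report.dat_date is None or today - report.dat_date > MAX_DAT_AGE:
        failed.append("dat")

    if REQUIRED_UPDATES - report.installed_updates:
        failed.append("updates")

    if failed:
        return Decision(REMEDIATION_VLAN, failed, {k: REMEDIATION_URLS[k] for k in failed})
    return Decision(PRODUCTION_VLAN, [], {})


# Constructed sample data: two registered MACs and three client reports.
REGISTERED = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}
TODAY = date(2005, 5, 16)
SAMPLES = {
    "unknown": AgentReport("00-DE-AD-BE-EF-00", "Windows XP", 2, True, TODAY, set(REQUIRED_UPDATES)),
    "clean": AgentReport("001a.2b3c.4d5e", "Windows XP", 2, True, TODAY - timedelta(days=2), set(REQUIRED_UPDATES)),
    "stale": AgentReport("00:1A:2B:3C:4D:5F", "Windows XP", 1, True, TODAY - timedelta(days=30), {"UPDATE-EXAMPLE-1"}),
}


def decide_samples() -> Dict[str, Decision]:
    return {name: evaluate(r, REGISTERED, TODAY) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    for name, d in decide_samples().items():
        print(f"{name:8s} -> VLAN {d.vlan}  failed={d.failed}")
```

The ordering matters: registration is decided before posture, so an unknown machine never sees the remediation checks, and a registered machine that fails several checks gets every failed item listed rather than only the first, which is what lets the user click each one and pick up the matching download page.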