[unisog] Server based scan for student computers

BACHAND, Dave (Info. Tech. Services) BachandD at easternct.edu
Mon May 16 13:27:47 GMT 2005


Hello-

We've been using Bradford's product, and are moving to Perfigo as part
of a system-wide directive from above.  I'd like to add my 2 cents...

Nessus IS a good tool.  However, we're seeing more and more computers
these days with firewalls running.  Either Windows XP SP2, or even the
latest anti-virus packages often have them running.   Nessus can't scan
them, and a firewall in no way makes for a secure station.  I've never
checked the percentage of the student population with firewalls, but it
is certainly growing, so anything Nessus based is going to have short
legs and is going to miss a lot of computers with issues.

If I were going to look for a new solution, I'd be looking for the
following:

Preferably 802.1X based, so the authentication can be off-loaded to the
edge switches.
Definitely requiring some sort of a client agent, as that's probably the
only long-term solution.

In terms of what's out there-

Bradford's product does do VLAN switching, which is good.  But is Nessus
based.  Although we do have the product coupled with an IDS, which does
do a good job of detecting and shutting down the worst of the rogues.

Netreg is also Nessus based, doesn't do any switching, and unless you
have some good scripting set up, can be thwarted.

Perfigo is in-line, in my opinion primitive, and owned by my least
favorite company, but does have an agent at least.


++++++++++++++++++++++++++++++++++
Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376
++++++++++++++++++++++++++++++++++

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Andy Druda
Sent: Sunday, May 15, 2005 6:10 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Server based scan for student computers

We want to go further than netreg in the quarantine department.  We
don't want students on the same VLAN until they are safe so we will
manipulate the switches (as we currently do by hand).  We have most of
that part already figured out but want to decide what to scan with.  We
are considering Nessus.  VERY good to see some of you are using it for
the scanning.

scott hollatz wrote:
>>>Can some of you who do this tell me what you're using?
>>
>>NetReg is one of the more popular open-source ways of going about that:
>>
>>http://www.net.cmu.edu/netreg/
> 
> 
> We've been using a modified NetReg to quarantine systems not passing a
> Nessus scan (of several vulnerabilities, not all Nessus knows of).
> 
> This has been working fine in the reshalls and we've been slowly 
> deploying across campus.
> 
> A Nessus hook is also in our wireless authentication gateway (also 
> used for public etherjacks) but is not yet in production (has been 
> ready for a few years, but no cycles available for rollout...).
> 

-- 
Andy Druda
Director of Campus Technology
Wagner College
Staten Island, New York 10301
718 390 3204
_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog