[unisog] Server based scan for student computers

Mike Wiseman mike.wiseman at utoronto.ca
Mon May 16 14:27:55 GMT 2005


We did a lot of work in this area also but mainly focused on vulnerability 
detection/remediation. We took the SWU Netreg and combined it with Nessus but were 
unsatisfied with the limited detection capability due to the unmanaged nature of residence 
and wireless networks. So we went further and replaced Nessus with a wizard-like utility 
that end users are required to run as part of the registration process. This utility is a 
wrapper for Microsoft's MBSA critical update detection tool and it is not installed - just 
run once. The user must be up to date with updates get full network access. If the user 
fails the test, they are directed to WindowsUpdate. This system (called Endpoint Security 
Policy system, ESP for short) has been in service with over 3000 users for a year now and 
it works pretty well. We're about to add a similar utility to check for AV install 
status - readily available in XP SP2 Service Centre and a password audit check.

See  http://www.utoronto.ca/security/UTORprotect/ESP/index.htm for info/download. Note: 
the docs aren't the best yet.


Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

----- Original Message ----- 
From: "scott hollatz" <shollatz at d.umn.edu>
To: "UNIversity Security Operations Group" <unisog at lists.sans.org>
Sent: Friday, May 13, 2005 5:22 PM
Subject: Re: [unisog] Server based scan for student computers

>> > Can some of you who do this tell me what your using?
>> NetReg is one of the more popular open-source ways of going about that :
>> http://www.net.cmu.edu/netreg/
> We've been using a modified NetReg to quarantine systems not passing a
> Nessus scan (of several vulnerabilites, not all Nessus knows of).
> This has been working fine in the reshalls and we've been slowly deploying
> across campus.
> A Nessus hook is also in our wireless authentication gateway (also used for
> public etherjacks) but is not yet in production (has been ready for a few
> years, but no cycles available for rollout...).
> -- 
> scott hollatz                                        net shollatz at d.UMn.eDu
> information technology systems and services          tel +1 218 726 8851
> university of minnesota duluth mn usa                fax +1 218 726 7674
>                                                                         --
>                                            "gabba gabba hey" - the ramones
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3907 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050516/acda28bb/smime.bin

More information about the unisog mailing list