[unisog] Server based scan for student computers
mike.wiseman at utoronto.ca
Mon May 16 14:27:55 GMT 2005
We did a lot of work in this area also but mainly focused on vulnerability
detection/remediation. We took the SWU Netreg and combined it with Nessus but were
unsatisfied with the limited detection capability due to the unmanaged nature of residence
and wireless networks. So we went further and replaced Nessus with a wizard-like utility
that end users are required to run as part of the registration process. This utility is a
wrapper for Microsoft's MBSA critical update detection tool and it is not installed - just
run once. The user must be up to date with updates get full network access. If the user
fails the test, they are directed to WindowsUpdate. This system (called Endpoint Security
Policy system, ESP for short) has been in service with over 3000 users for a year now and
it works pretty well. We're about to add a similar utility to check for AV install
status - readily available in XP SP2 Service Centre and a password audit check.
See http://www.utoronto.ca/security/UTORprotect/ESP/index.htm for info/download. Note:
the docs aren't the best yet.
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto
----- Original Message -----
From: "scott hollatz" <shollatz at d.umn.edu>
To: "UNIversity Security Operations Group" <unisog at lists.sans.org>
Sent: Friday, May 13, 2005 5:22 PM
Subject: Re: [unisog] Server based scan for student computers
>> > Can some of you who do this tell me what your using?
>> NetReg is one of the more popular open-source ways of going about that :
> We've been using a modified NetReg to quarantine systems not passing a
> Nessus scan (of several vulnerabilites, not all Nessus knows of).
> This has been working fine in the reshalls and we've been slowly deploying
> across campus.
> A Nessus hook is also in our wireless authentication gateway (also used for
> public etherjacks) but is not yet in production (has been ready for a few
> years, but no cycles available for rollout...).
> scott hollatz net shollatz at d.UMn.eDu
> information technology systems and services tel +1 218 726 8851
> university of minnesota duluth mn usa fax +1 218 726 7674
> "gabba gabba hey" - the ramones
> unisog mailing list
> unisog at lists.sans.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3907 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050516/acda28bb/smime.bin
More information about the unisog