[unisog] Server based scan for student computers

Mike Wiseman mike.wiseman at utoronto.ca
Thu May 19 13:35:13 GMT 2005


> A lot of institutions have similar commercial or homebrew implementations. One thing
> I'm concerned about is the exposure on the registration vlan. During the peak registration
> period, there may be several users attempting to register at the same time. During some
> period these machines are on the same and can become aware of each other if the standard
> Windows networking is enabled. Viruses could propagate during this time and personal
> information could be exposed. We all know a lot of damage can be done in a very short
> time! How do you deal with this?

I used to worry about this - our modified Netreg system is configured to use a large 
subnet for the isolation zone. But nowadays, Windows Firewall in XP SP 2 would protect 
machines from all the old network exploits such as LSASS and RPC. Also, our campus network 
is not exactly a clean zone, yet :-), so putting a lot of effort in making the isolation 
zone clean from exploit propagation doesn't seem worth it. In my mind, if a user attaches 
to our network with a computer that has not been properly managed, then it's probably 
already compromised. If it has been managed properly, up to date on patches, AV, firewall, 
clean of spyware, etc. then that machine doesn't need the protection of the isolation 
zone. The compromised machine still benefits from the isolation zone connection because it 
is forced into vulnerability remediation.

Mike
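As an added illustration of the exposure raised in the quoted question and the isolation-zone answer above (example code, not part of the original thread), a small model of a registration-VLAN policy with and without peer isolation; the subnet, server addresses, port set and sample flows are all constructed for the example.

```python
import ipaddress
from typing import NamedTuple

# Constructed topology (not from the original post): a /22 isolation subnet,
# the netreg web server and the DHCP/DNS server unregistered clients must reach.
ISOLATION_SUBNET = ipaddress.ip_network("10.200.0.0/22")
NETREG_SERVER = ipaddress.ip_address("10.200.0.10")
INFRA_SERVER = ipaddress.ip_address("10.200.0.11")  # DHCP + DNS
# Legacy Windows networking / RPC ports, the services the quoted message
# worries about when unregistered peers share one VLAN.
WINDOWS_NETWORKING_PORTS = {135, 137, 138, 139, 445}

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int

def registration_policy(flow: Flow, peer_isolation: bool) -> str:
    """Return 'allow' or 'deny' for a flow on the registration VLAN.
    DHCP, DNS and the netreg web UI are always reachable. Client-to-client
    traffic is allowed only on a flat VLAN (peer_isolation=False); with
    peer isolation it is dropped. Everything else waits for registration.
    """
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if dst == INFRA_SERVER and flow.dport in (53, 67):
        return "allow"
    if dst == NETREG_SERVER and flow.proto == "tcp" and flow.dport in (80, 443):
        return "allow"
    if src in ISOLATION_SUBNET and dst in ISOLATION_SUBNET:
        return "deny" if peer_isolation else "allow"
    return "deny"

def exposed_windows_flows(flows: list) -> list:
    """Client-to-client flows on Windows networking ports that a flat
    registration VLAN would permit: the exposure window that peer isolation
    (or a host firewall such as the XP SP2 one) closes."""
    return [f for f in flows if f.dport in WINDOWS_NETWORKING_PORTS
            and registration_policy(f, peer_isolation=False) == "allow"]

# Constructed sample flows from a busy registration period.
SAMPLE_FLOWS = [
    Flow("10.200.1.5", "10.200.0.11", "udp", 67),   # DHCP request
    Flow("10.200.1.5", "10.200.0.10", "tcp", 443),  # netreg web UI
    Flow("10.200.1.5", "10.200.2.9", "tcp", 445),   # peer SMB
    Flow("10.200.2.9", "10.200.1.5", "tcp", 135),   # peer RPC endpoint mapper
    Flow("10.200.1.5", "192.0.2.7", "tcp", 80),     # off-subnet web, unregistered
]
```

Running `exposed_windows_flows(SAMPLE_FLOWS)` lists the two peer SMB/RPC flows a flat VLAN would pass; with `peer_isolation=True` the same flows are denied while DHCP and the netreg web UI still work.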

