[unisog] Network Access Control

Micheal Cottingham micheal.cottingham at sv.vccs.edu
Fri Feb 24 16:04:40 GMT 2006


I would think a service would be preferable anyway so it can run with
SYSTEM privileges. You could even go so far as to push out snort-like
filters to the agent so if there is a new worm out, it can be
automagically picked up and an infected student can be informed earlier.
This discussion sounds similar to ICARUS that UFL put out. Quite a nice
little setup they have. I've seen a couple of products out there that
claim they can remotely detect service packs, malware, p2p clients, av
software, etc. without having to have control over the end-points directly.

Micheal

Mike Wiseman wrote:
> The support issue of a running program was also a concern when we worked on our in-house 
> NAC application - not privacy in particular, just device performance. It ended up being a 
> run-once utility that users run with admin privileges. This model doesn't work for users 
> who connect to the University's network with 'locked down' laptops (no admin login 
> allowed), however. So an agent running as a Windows service is probably necessary to 
> provide complete NAC coverage.
>
> Mike
>
> Mike Wiseman
> Computing and Networking Services
> University of Toronto
>
>
>   
>> I have always disliked this sort of thing as you have now REQUIRED people to
>> install YOUR software on their computer - This makes you responsible for
>> anything that software does (Keep in mind that requiring can nullify any
>> disclaimer - and since software almost always has disclaimers that the
>> providers [software writers] are not responsible for any damage, YOU become
>> responsible and cannot disclaim your way out of it as YOU required the
>> software be installed).
>>     


