Re: Checking for AV software on students' machines

["Dunker, Mary" <dunker () VT EDU>]

Thank you for this excellent report from UC Davis.  Virginia Tech is
making similar plans for network registration and scanning, and we
appreciate everyone sharing their experiences.
Mary

--------------------------------------------
Mary Dunker
Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
(540) 231-9327
FAX: (540) 231-7413
dunker () vt edu


-----Original Message-----
From: Robert Ono [mailto:raono () UCDAVIS EDU] 
Sent: Wednesday, June 09, 2004 4:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Checking for AV software on students' machines


Jeff,
We are in the process of expanding our vulnerability scan that takes
place as part of our authentication to campus-wide web-based
applications. See http://security.ucdavis.edu/vulnscanrpt.pdf for
further information. Let me know if you have any questions.

Bob

> Nathan-
>
> I unfortunately don't have an answer to your questions regarding 
> verification of AV software on client machines, but I was wondering if

> you could provide some details on how you accomplished your first goal

> - verifying for patches before a student machine is allowed on the
network.
> We are currently investigating ways to drop student machines into a 
> "quarantine" VLAN if they are not up to the latest Windows patches, 
> but so far have not found an effective way to do that check. Does your

> solution require some kind of pre-installed client agent?
>
> I didn't see anything in a previous thread, but if you've already 
> answered that question my apologies. Any insight, advice, horror 
> stories you could provide would be greatly appreciated.
>
> Thanks,
>
> Jeff Giacobbe
> Director of Systems, Security, and Networking
> Montclair State University
>
>
> Nathan Hall wrote:
> > Now that we have found a way to check students' machines for missing

> > patches before they are allowed on the network, we are looking to
expand
> > to checking for the presence of updated anti-virus software. This 
> > requires access to the students' machines, so we are looking at 
> > using
a
> > web page with a .NET component to perform the check. A few 
> > questions:
> >
> > 1) Is anyone else doing something like this currently?
> > 2) How have you implemented this (web page w/ ActiveX/.Net,
downloadable
> > program...)?
> > 3) What do you look for to determine if AV software is present
(registry
> > entries, services, running processes...)?
> > 4) How successful has it been?
> > 5) Pitfalls?
> >
> > Any other input would be appreciated too. Thanks in advance.
> >
> > Nathan Hall
> > System Administrator
> > SUNY Oneonta
> > Oneonta, NY 13820
> > (607) 436-2708
> >
> > **********
> > Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.
> **********
> Participation and subscription information for this EDUCAUSE 
> Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
>

Robert Ono, CISSP
IT Security Coordinator
Office of the Vice Provost, Information and Educational Technology UC
Davis 530.757.5795 Desk

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.