Educause Security Discussion mailing list archives
Re: Vulnerability Assessment Requirements
From: George <george.russ () CITADEL EDU>
Date: Thu, 21 Jul 2005 13:39:22 -0400
Do you allow a grace period. No grace period for first time registration Do you require that new updates and virus definitions are necessary as soon as they become available? Yes, done automatically To get on the "real" network we require: SP2 and current on MS critical updates No Norton AV products (interferes with Symantec) Symantec AV Corporate 10.0, settings virtually locked down "Completed" Symantec scan of entire local root drive MS AntiSpyware MS FW on Patch management SW installed(Patchlink agent) MS updates set for automatic DL and install Other minor configurations to IE, registry, etc. George --------------------------------------------------------------- George Russ ITS/Network Support Services The Citadel Charleston SC 29409 --------------------------------------------------------------- _____ From: Brown, Christopher [mailto:cebrown () REGIS EDU] Sent: Thursday, July 21, 2005 11:32 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Vulnerability Assessment Requirements Greetings, I am throwing this question out there to schools who have implemented a vulnerability assessment solution such as CCA, Impulse Point, or Campus Manager. (Note, I am not trying to start a debate on one versus the other.) We are working to get CCA ready for our students this fall and I was wondering what other schools have decided upon regarding the requirements they are imposing on their student's PCs. With CCA you can check for a lot of things: service packs, Microsoft updates, existence of anti-virus software, the age of antivirus definition, installed programs, a missing installed program, etc. I am curious to find out what requirements other schools have used? Do you allow a grace period or do you require that new updates and virus definitions are necessary as soon as they become available? Thanks in advance, Chris Brown Information Technology Services Network/Telecom Administrator Regis University, Denver CO
Current thread:
- Vulnerability Assessment Requirements Brown, Christopher (Jul 21)
- <Possible follow-ups>
- Re: Vulnerability Assessment Requirements George (Jul 21)
- Re: Vulnerability Assessment Requirements Michael Grinnell (Jul 21)
- Re: Vulnerability Assessment Requirements Hall, Rand (Jul 21)
- Re: Vulnerability Assessment Requirements George (Jul 21)
- Re: Vulnerability Assessment Requirements Mike Wiseman (Jul 22)
- Re: Vulnerability Assessment Requirements Franklin, Elliott (Jul 25)