Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

local college's answer to all the Windows vulnerabilities

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

local college's answer to all the Windows vulnerabilities

Old 08-24-04, 01:21 PM
  #1  
DVD Talk Hero
Thread Starter
 
Join Date: Aug 2000
Location: Bartertown due to it having a better economy than where I really live, Buffalo NY
Posts: 29,694
local college's answer to all the Windows vulnerabilities

during orientation for my temp job at the campus computer store they told us about the campus network's new system. All the dorms/apartments/etc on campus with ethernet ports for student computers will have a program on the main server scan the computer when it is connected. If it finds any viruses or trojans or detects that not all the windows updates have been installed it won't allow normal usage until you remove the viruses or install the updates.
Makes sense to some degree. Ddin't ask if it blocks file sharing or not.
mikehunt is offline  
Old 08-24-04, 02:07 PM
  #2  
JM
DVD Talk Special Edition
 
Join Date: Dec 1999
Posts: 1,156
I read on CNN (I think) that some campuses were doing this. I am curious about how this works. The only way I can see it working is if there is a software component that must be installed on the student's PC. I assume that unless the student installs this software, his/her PC will be unable to access the network.

Part of the article also mentioned that some campuses' sys admins are freaking out about XP SP2 and blocking it or discouraging students from installing it. Of course, that is ridiculous, and the article even had quotes from sys admins at the more technology-oriented campuses such as UT-Austin saying so (indeed, most of the campus computer people I had experience with were idiots).
JM is offline  
Old 08-24-04, 02:34 PM
  #3  
DVD Talk Limited Edition
 
Join Date: Feb 2000
Location: College Station, TX
Posts: 6,223
I'm a bit leary of SP2 and the firewall for my campus department. I plan on disabling it in Group Policy until I can get it fully configured for all my clients. The rest of SP2 has been good so far.
BigDave is offline  
Old 08-24-04, 03:17 PM
  #4  
DVD Talk Hero
Thread Starter
 
Join Date: Aug 2000
Location: Bartertown due to it having a better economy than where I really live, Buffalo NY
Posts: 29,694
they also are suggesting routers for everyone.
I can see this for people off campus, but there should be no need to a router to hook your one pc into the school's ethernet port in your dorm room, as the campus firewall (and they've had one for years) should handle that stuff
mikehunt is offline  
Old 08-24-04, 03:32 PM
  #5  
JM
DVD Talk Special Edition
 
Join Date: Dec 1999
Posts: 1,156
Originally posted by mikehunt
they also are suggesting routers for everyone.
I can see this for people off campus, but there should be no need to a router to hook your one pc into the school's ethernet port in your dorm room, as the campus firewall (and they've had one for years) should handle that stuff
Actually, there is more need for a router on such a network than on the Internet. The campus firewall will (probably) only protect the internal PCs from an external attack (i.e. via the Internet). It is likely that each dorm/building/etc. will be on its own LAN subnet. Inexperienced computer users will likely have one or more shares on their PC wide open (esp. since XP uses "Simple" sharing by default) such that anyonhe else in that same dorm/building can access it (read or even read/write depending on the share permissions). Thus, such users definitely should have a NAT router (sometimes referred to as a hardware firewall though technically they often aren't) and/or a software firewall.
JM is offline  
Old 08-24-04, 05:39 PM
  #6  
DVD Talk God
 
twikoff's Avatar
 
Join Date: Feb 2000
Location: Right Behind You!!!
Posts: 79,497
Originally posted by JM
I read on CNN (I think) that some campuses were doing this. I am curious about how this works. The only way I can see it working is if there is a software component that must be installed on the student's PC. I assume that unless the student installs this software, his/her PC will be unable to access the network.

Part of the article also mentioned that some campuses' sys admins are freaking out about XP SP2 and blocking it or discouraging students from installing it. Of course, that is ridiculous, and the article even had quotes from sys admins at the more technology-oriented campuses such as UT-Austin saying so (indeed, most of the campus computer people I had experience with were idiots).
you can easily check which patches are on any windows machine without any specific software installed on the client

our security group routinely runs these scans

and if I pull up a machine on hyena.. I can get a listing of all the installed microsoft patches

its just as easy to do a software audit of a client pc without the client needing to install anything
twikoff is offline  
Old 08-24-04, 05:42 PM
  #7  
DVD Talk Hero
Thread Starter
 
Join Date: Aug 2000
Location: Bartertown due to it having a better economy than where I really live, Buffalo NY
Posts: 29,694
doh
totally forget about the internet network and attacks from there
I never lived in the dorms there, way too costly for what you got, but I do remember hearing that someone wrote a napster like program that searched peoples shared directories. you could find better stuff on the internal network than with napster or later file sharing programs
mikehunt is offline  
Old 08-24-04, 07:15 PM
  #8  
JM
DVD Talk Special Edition
 
Join Date: Dec 1999
Posts: 1,156
Originally posted by twikoff
you can easily check which patches are on any windows machine without any specific software installed on the client

our security group routinely runs these scans

and if I pull up a machine on hyena.. I can get a listing of all the installed microsoft patches

its just as easy to do a software audit of a client pc without the client needing to install anything
If you have access (network or physical) to those PCs, then sure you can do that. However, I don't see it working with a PC that is running a decent firewall, which given the spread of firewalls and particularly post-SP2, is why I wonder if they will require a software component on the PC (though I think one could also use domain policies to force updates).

Indeed, I just found that at least one school does require just such client software. See http://security.sc.edu/validation/connectPC.html

Last edited by JM; 08-24-04 at 07:18 PM.
JM is offline  
Old 08-24-04, 09:56 PM
  #9  
DVD Talk Hero
Thread Starter
 
Join Date: Aug 2000
Location: Bartertown due to it having a better economy than where I really live, Buffalo NY
Posts: 29,694
found the description on their website, it's some weird java script pop up so I can't get the direct link

UB NetPass
The University will introduce UB NetPass this fall to help protect campus residentís computers from intruders. UB NetPass will work like a passport service. When a campus resident initially connects to ResNet, UB NetPass will scan their computerís network ports and report back unprotected ports that intruders may use to get into their computer. If evidence of a worm or virus is found on their computer, UB NetPass will prescribe measures that should be taken to remediate the computer.
If remediation is required, UB NetPass will retain their computer in a secure area of the UB network designed to quarantine their computer while enabling remedies to be downloaded. Once remediation is completed, their computer is given full access to the campus network and to the Internet.
mikehunt is offline  
Old 08-24-04, 11:12 PM
  #10  
DVD Talk Special Edition
 
Join Date: Jan 2001
Location: Raleigh, NC
Posts: 1,686
Originally posted by JM
Actually, there is more need for a router on such a network than on the Internet. The campus firewall will (probably) only protect the internal PCs from an external attack (i.e. via the Internet). It is likely that each dorm/building/etc. will be on its own LAN subnet. Inexperienced computer users will likely have one or more shares on their PC wide open (esp. since XP uses "Simple" sharing by default) such that anyonhe else in that same dorm/building can access it (read or even read/write depending on the share permissions). Thus, such users definitely should have a NAT router (sometimes referred to as a hardware firewall though technically they often aren't) and/or a software firewall.
I remember this back in the day. Once I was streaming a Divx movie off of somebody elses computer.

I always wanted to print something really obscene on one of the shared printers on a computer obviously belonging to one of the girls in my co-ed dorm, but i figured they'd trace it back to me.
sdcrym is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.