Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Vetting New Devices
From: "Hahues, Sven" <shahues () FGCU EDU>
Date: Fri, 5 Apr 2013 18:58:14 +0000

Mr. Hoffman,

We have about 4000 registered devices between gaming consoles, laptops, ereaders, tablets and phones.  I would say at 
least half of these 4000 devices are PCs/Macs.  90% of these devices are wireless, we only have very few active wired 
ports for end user systems.  Most of the active ports on our switches now support the wireless infrastructure.

We do have wifi in all the residence halls, and they have to register their devices using Bradford there.  The system 
works really well on the wireless as moving users between network segments is almost instantaneous.

Regards,

Sven

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Harry 
Hoffman
Sent: Wednesday, April 3, 2013 11:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Vetting New Devices

Just curiously, how many students are still connecting systems (that aren't gaming consoles) to people's resnets?

Do you have wireless in the dorms and do you use Bradford for your wifi as well?

Cheers,
Harry

On 04/03/2013 10:45 AM, Kish, Brett wrote:
Bill,

We use Bradford to inspect all student computers who connect to our RESNET for the first time.  Bradford checks for 
current AV software, permitted OS's, and that the OS is updated to the appropriate service pack.

Bradford is also used to register tablets, mobile devices, smart TV's, and game consoles to the RESNET.  There is no 
inspection of these devices beyond confirming the OUI of the device does fall into one of the previously mentioned 
categories.

Brett Kish
Northwood University

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hahues, Sven
Sent: Wednesday, April 03, 2013 9:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Vetting New Devices

Bill,

We still check all newly connecting student computers for AV software and some version of the operating system using 
our NAC (Bradford).  They have an agent that can be permanently installed or run once to check for the software the 
students should have.

To get through the crunch of new registrations for Fall move in, we ask students to check their computers against our 
system ahead of time (there is a website they can download the run once client), and we schedule sessions that the 
students can attend during move in week where our helpdesk staff assists up to 30 students at a time.

In the past with Windows XP we used to have a lot of calls because students did not have anti malware software, but 
since windows 7 and windows 8 have built in security software this has gotten much less of an issue for Windows 
users, and actually we now have more Mac users who have to come in because they don't have AV software.

The biggest reason we go through all this is to register the device to the student so we know later on who devices 
belonged to if we have any weird problems with the computers.

Hope that helps!

Sven

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frazier, William 
S [ITSYS]
Sent: Monday, April 1, 2013 3:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vetting New Devices

We have for several years required newly connecting student Pcs to be checked using a locally developed program.  The 
product had the drawback that it was Windows specific.  On the other hand, most by far of the incoming devices were 
Windows.  Now, the other device types are increasing.  Also, AV products are flagging our test program and some of 
the vendors will not even consider whitelisting it.

We're faced with redeveloping, discontinuing, or purchasing.There is the issue of diminishing returns.  Microsoft has 
gotten much better about discouraging the sorts of user behavior we tended to catch (open file shares, null 
passwords, ...).

Are you doing any kind of vetting against newly connected non-guest devices?  If so what tools are you using?  Also, 
if you are vetting, are there particular steps to accommodate the great check-in crunch at the start of major terms?

Thanks for any insights,
Bill
------------------------------------------------------------------
William Frazier                         frazier () iastate edu
     voice: (515) 294-8620
Iowa State University              fax:   (515) 294-1717
Information Technology Services, 251 Durham, Ames, Iowa 50011-2251



________________________________

Never give out your username or password to anyone. This includes any accounts you have such as: FGCU, bank and 
credit card accounts, and other personal accounts.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault