From: Chris Wieringa (cwieri39@calvin.edu)
Date: Tue Dec 23 2003 - 13:46:13 CST
>I did a presentation on my enhancements to netreg (including a virus
>"jail") at the 2003 ResNet conference.
>
>The presentation (in various formats) and source code are freely available
>at:
>
>http://www.saintmarys.edu/~hideg/netreg/
>
>
>Since that conference, I've enhanced the blocking mechanism further.
>Our administrators can now specify virus, DMCA, Windows patch level,
>and a generic blocking reason, each with its own web page to redirect
>blocked machines to.

I am thinking about implementing NetReg on our ResNet and one of the big
things I'm concerned with is Virus Blocking. One of the Virus Blocking Caveats
mentioned in this presentation is Lease Time considerations. A virus like
Welchia can easily rip through a ResNet within just a few minutes. Does anyone
have any additional suggestions in quickly quarantining a machine that would
work better than waiting for the lease to expire? I really don't want to have
to have a 10 minute lease just to make quarantining users a bit quicker...

We have been using a homegrown port-based registration system for about 5
years now. Since we have all Cisco equipment and have mapped all our ResNet
ports to the switch, we can quickly enable / disable ports for registration and
virus blocking. I'm afraid that when we move to NetReg I am going to regret
not having the ability to quickly turn off a port like I do now. I'd also not
have to quickly disable / re-enable a switch port in order to get the infected
machines to drop their lease more quickly.

Thanks for the insights.

Chris Wieringa
cwieri39@calvin.edu
Network Systems Engineer
Calvin College