From: Frank Bulk (bulkf@dordt.edu)
Date: Tue Dec 23 2003 - 15:07:10 CST
Chris:
You could automatically disable their port until the lease time has
expired, and then re-enable it.
Regards,
Frank
>>> cwieri39@calvin.edu Tuesday, December 23, 2003 2:46:13 PM >>>
>I did a presentation on my enhancements to netreg (including a virus
>"jail") at the 2003 ResNet conference.
>
>The presentation (in various formats) and source code are freely
>available at:
>
> http://www.saintmarys.edu/~hideg/netreg/
>
>
>Since that conference, I've enhanced the blocking mechanism further.
>Our administrators can now specify virus, DMCA, windows patch level,
>and a generic blocking reason, each with its own web page to redirect
>blocked machines to.
I am thinking about implementing NetReg on our ResNet and one of the
big things I'm concerned with is Virus Blocking. One of the Virus
Blocking Caveats mentioned in this presentation is Lease Time
considerations. A virus like Welchia can easily rip through a ResNet
within just a few minutes. Does anyone have any additional suggestions
in quickly quarantining a machine that would work better than waiting
for the lease to expire? I really don't want to have to have a 10
minute lease just to make quarantining users a bit quicker...

We have been using a home grown port-based registration system for
about 5 years now. Since we have all Cisco equipment and have mapped
all our ResNet ports to the switch, we can quickly enable / disable
ports for registration and virus blocking. I'm afraid that when we move
to NetReg I am going to regret not having the ability to quickly turn
off a port like I do now. I'd also not have to quickly disable /
re-enable a switch port in order to get the infected machines to drop
their lease more quickly.
Thanks for the insights.
Chris Wieringa
cwieri39@calvin.edu
Network Systems Engineer
Calvin College
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:43 CDT
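
The approach suggested in the reply above (keep the port disabled until the lease has expired) needs the lease end time for the blocked machine. The following is an added example, not code from the thread or from NetReg: it assumes the DHCP server is ISC dhcpd and works on text in `dhcpd.leases` format; the sample leases, MAC addresses and the function name `port_reenable_time` are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases format (addresses and MACs are made up).
# The file is an append-only log and its timestamps are in UTC.
SAMPLE_LEASES = """\
lease 10.1.2.30 {
  starts 2 2003/12/23 19:00:00;
  ends 2 2003/12/23 20:00:00;
  binding state free;
  hardware ethernet 00:0d:56:aa:bb:cc;
}
lease 10.1.2.31 {
  starts 2 2003/12/23 20:46:13;
  ends 2 2003/12/23 22:46:13;
  binding state active;
  hardware ethernet 00:0d:56:aa:bb:cc;
}
lease 10.1.2.40 {
  starts 2 2003/12/23 20:50:00;
  ends 3 2003/12/24 20:50:00;
  binding state active;
  hardware ethernet 00:0d:56:11:22:33;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ENDS_RE = re.compile(r"ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")

def port_reenable_time(leases_text, mac, now):
    """Return when the last unexpired lease held by `mac` ends (UTC), i.e. the
    earliest time the disabled switch port can be re-enabled. Returns None if
    the machine holds no unexpired lease."""
    # Later entries for the same IP supersede earlier ones.
    current = {ip: body for ip, body in LEASE_RE.findall(leases_text)}
    latest = None
    for body in current.values():
        m, e = MAC_RE.search(body), ENDS_RE.search(body)
        if not m or not e or m.group(1).lower() != mac.lower():
            continue  # another host, or an entry without a dated end time
        ends = datetime.strptime(e.group(1), "%Y/%m/%d %H:%M:%S")
        ends = ends.replace(tzinfo=timezone.utc)
        if ends > now and (latest is None or ends > latest):
            latest = ends
    return latest
```

A scheduler can compare the returned time with the current time and re-enable the port only once it has passed.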