Windows in HiEd Conference - PowerPoint PPT Presentation

Slides: 30
Provided by: mattk2
1
Windows in Hi-Ed Conference
  • NetReg and the Automated Virus Cleaning and
    Security Patching Process

Monday, April 25, 2005
Matt Kramer, Analyst/Consultant
Information Technology
Boston University
kramer_at_bu.edu
617-353-8232
2
Boston University
  • Founded in 1839; 4th largest independent
    university in the US.
  • 132 acres; 348 buildings; 465 classrooms.
  • 11,000 residents; 28,300 students; 3,400
    faculty; 5,500 staff; 230,000 living alumni.
  • 17 schools and colleges.

3
Aerial View: Boston University
[Aerial photograph; labels: Boston University, Fenway Park]
4
ResNet Facts
  • 10th largest undergraduate housing system in the
    US.
  • Number of beds on campus: 10,781.
  • ResNet subscription includes one 10Mb network
    jack per pillow.
  • Average Internet traffic from ResNet is around
    180Mbps out and 130Mbps in.
  • Current total NetReg entries: 16,000.
  • NetReg first deployed at BU during Fall 2002;
    automatic certification first deployed Fall 2004.

5
Goals for implementing NetReg
  • Provide a one to one association between a
    computer and a user.
  • Enforcement of computer ethics and acceptable
    use policy.
  • Allow for the ability to charge a ResNet fee.
  • Quicker resolution of security events due to
    virus infections, DMCA and abuse cases.

6
What is NetReg?
  • First developed by Southwestern University in
    1999.
  • http://www.netreg.org
  • Network Registration system uses DHCP, DNS/BIND
    and HTTP.
  • Easy to Use
  • Perl-CGI driven.
  • MySQL Back-End.
  • Web Interface for help desk support.

7
NetReg Basics
  • Based on Network MAC Address.
  • DHCP server has two pools.
      • If MAC is known, DHCP assigns a real IP and
        real DNS servers.
      • If MAC is unknown, DHCP assigns a private IP
        and the broken DNS servers.
  • Private DNS server is configured with a fake
    root that resolves all name queries to the NetReg
    web server.
  • Switch ACLs used to limit access from the
    private IP space to only a specific list of
    NetReg servers.

8
NetReg - Process
  • User jacks into the network for the first time.
  • DHCP server hasn't seen the MAC address and
    assigns a private IP.
  • User browses the web and is forced to the NetReg
    registration page. Username is associated with
    MAC and recorded in the NetReg database.
  • OS is detected by JavaScript and browser string.
  • Non-Windows
      • MAC is put into DHCP allowed list and user is
        given a public IP.
  • Windows
      • Certification process (BUVS) is run locally on
        PC.
      • BUVS reports results back to NetReg.
      • If success code is sent, MAC is put into DHCP
        allowed list and the machine is allowed onto
        the public network.
      • If failure, help desk intervention is required
        to certify machine.

9
NetReg Welcome Page
10
NetReg User Authentication
11
NetReg Registration Page
12
NetReg BUVS Certification.
13
NetReg Flow
[Flowchart; the connections between the boxes did not survive extraction. The recoverable labels follow.]
  • Decisions (Yes / No): Is MAC known; Is state U;
    Is state P; Is state Q; Detect OS (Windows /
    Non-Windows); Did BUVS succeed.
  • Steps and outcomes: DHCP request sent. Assign
    private IP. Redirect to NetReg registration page.
    Provide username and password. Set Registered
    state to P in NetReg database. Download and run
    BUVS on client. Helpdesk intervention needed.
    Set Registered state to R in NetReg database.
    Update DHCP servers with MAC. Client DHCP
    release / renew. Go to quarantined URL. NetReg
    state is R. User is registered and not in
    violation. Assign normal IP.
  • NetReg States
      • U: Unknown MAC, never been registered.
      • P: Pre-registered. In database, but has not
        successfully finished BUVS.
      • Q: Quarantined. Kicked off network due to
        DMCA, virus or other reasons.
      • R: Registered and active.
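
The U / P / Q / R states and the registration process from the "NetReg - Process" slide, modelled as a small state machine. This is an added example, not BU's or NetReg's own code (NetReg itself is Perl-CGI with a MySQL back-end); the class, method and page names are hypothetical, and refusing to re-register a quarantined or already active MAC is an assumption.

```python
from enum import Enum

class State(Enum):
    U = "unknown"         # MAC never registered
    P = "pre-registered"  # in database, BUVS not yet passed
    Q = "quarantined"     # kicked off for DMCA, virus or other reasons
    R = "registered"      # registered and active

class NetRegModel:
    """In-memory stand-in for the NetReg database and DHCP allowed list."""

    def __init__(self):
        self.db = {}               # MAC -> {"user": str, "state": State}
        self.dhcp_allowed = set()  # MACs served from the public pool

    def state(self, mac):
        return self.db.get(mac, {}).get("state", State.U)

    def dhcp_pool(self, mac):
        # Only MACs on the allowed list get a real IP and real DNS servers.
        return "public" if mac in self.dhcp_allowed else "private"

    def landing_page(self, mac):
        # Page a private-pool client is steered to by the fake-root DNS.
        return {State.U: "register", State.P: "buvs",
                State.Q: "quarantined", State.R: None}[self.state(mac)]

    def register(self, mac, user, is_windows):
        # Assumption: registering never lifts a quarantine or resets a live host.
        if self.state(mac) in (State.Q, State.R):
            return self.state(mac)
        if is_windows:
            self.db[mac] = {"user": user, "state": State.P}
        else:
            self._activate(mac, user)  # non-Windows skips BUVS
        return self.state(mac)

    def buvs_result(self, mac, success):
        # A success code promotes only a pre-registered MAC; on failure the
        # host stays in P until the help desk certifies it.
        if self.state(mac) is State.P and success:
            self._activate(mac, self.db[mac]["user"])
        return self.state(mac)

    def quarantine(self, mac):
        if mac in self.db:
            self.db[mac]["state"] = State.Q
            self.dhcp_allowed.discard(mac)

    def _activate(self, mac, user):
        self.db[mac] = {"user": user, "state": State.R}
        self.dhcp_allowed.add(mac)
```

The check in `buvs_result` is the point to notice: a success code for a MAC that is unknown or quarantined changes nothing, so the report from the client cannot by itself move a host to the public pool.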
14
Boston University Virus and Security Tool (BUVS)
  • Purpose
  • Provide an automated way to certify a PC before
    granting general network access.
  • Help clean up an ever growing population of virus
    infected machines.
  • Provide a Help Desk support tool to help minimize
    the number of PCs that might require hands-on
    assistance.

15
BUVS What does it do?
  • Turns on ICF and schedules automatic updates!
  • If necessary, requires Administrator password
    change.
  • Force the installation of missing Service Packs.
  • Scans for and automatically installs any missing
    Microsoft security patches.
  • Downloads latest virus definitions from McAfee.
  • Boots into Safe Mode and runs a one-time virus
    scan using McAfee VirusScan command line version.
  • Reports results back to the NetReg server,
    allowing automatic release of the PC onto the
    "public" network.

16
BUVS Administrator Password
  • Force change of weak passwords.

17
Download Microsoft Updates
  • Connect to internal server for list of available
    patches.
  • Verify at correct Service Pack Level.

18
Scan and Install Missing Patches
  • Scan for patches using hfnetchk.
  • Display a list of all missing patches.

19
Patch Download Process
  • Patches downloaded from internal SUS server.
  • Reasons for use of SUS server:
      • Allows for automatic downloading of new
        patches.
      • Support for multiple languages.

20
Download Virus Definitions
  • Connect to NAI and download latest virus
    definitions and scanner.
  • A Web proxy provides access to NAI Web sites from
    the limited access, private network.

21
Boot into Safe Mode
22
Safe Mode VirusScan
  • Remove Temporary IE Cache.
  • Force the scan to finish by disabling the close
    button.

23
Safe Mode VirusScan Results
  • Scan the VirusScan log file for results and
    display to the User.

24
Send Status Code to NetReg
  • If PC is virus free and fully patched then
    release from network jail.
  • Send BUVS log file to Exchange public folder.
  • Send Encrypted Status Code to NetReg Server.
  • Release and Renew Client DHCP.

25
Success!
  • The virus-free and fully patched PC is granted
    access to the network.

26
BUVS Exchange Public Folder
27
Statistics for Fall 2004
  • 12,054 users ran BUVS.
  • OS breakdown
      • Windows XP (91.03%), Windows 2000 (2.45%)
      • Windows 9x (6.46%), Windows NT (0.06%)
  • Infections
      • 2,930 (24.31%) machines were infected with a
        total of 41,639 viruses.
      • Over 200 unique virus types.
  • Patches
      • 43.95% of the machines were missing two or
        more.
      • 59,396 patches were installed.
  • Average BUVS run time: 41 min and 8 sec.
  • Total files scanned for viruses: 941,987,563.

28
Problems
  • NetReg
      • Static IPs.
      • Remote Connections.
      • Guest Access.
  • BUVS
      • Service Pack Failures.
      • Virus Scan Failures.
      • Spyware.
      • Real-time Certification.

29
Thanks for your attention!
  • Any questions?
  • My Info
  • Matt Kramer
  • Boston University
  • kramer_at_bu.edu
  • 617-353-8232