Windows in HiEd Conference - PowerPoint PPT Presentation

1 / 29

About This Presentation

Title:

Windows in HiEd Conference

Description:

If success code is sent, MAC is put into DHCP allowed list and ... If PC is virus free and fully patched then release from network jail. ... – PowerPoint PPT presentation

Number of Views:41

Avg rating:3.0/5.0

Slides: 30

Provided by: mattk2

Category:

more less

Transcript and Presenter's Notes

Title: Windows in HiEd Conference

1
Windows in Hi-Ed Conference

NetReg and the Automated Virus Cleaning and
Security Patching Process

Monday, April 25, 2005
Matt Kramer, Analyst/ConsultantInformation
TechnologyBoston Universitykramer_at_bu.edu617-353
-8232
2
Boston University

Founded in 1839 4th largest independent
university in US.
132 acres 348 buildings 465 classrooms.
11,000 residents 28,300 students 3,400
faculty 5,500 staff 230,000 living alumni.
17 schools and colleges.

3
Aerial View Boston University
Boston University
Fenway Park
4
ResNet Facts

10th largest undergraduate housing system in the
US.
Number of beds on campus 10,781.
ResNet subscription includes one 10Mb network
jack per pillow.
Average Internet traffic from ResNet is around
180Mbps out and 130Mbps in.
Current total NetReg entries 16,000.
NetReg first deployed at BU during Fall 2002
automatic certification first deployed Fall 2004.

5
Goals for implementing NetReg

Provide a one to one association between a
computer and a user.
Enforcement of computer ethics
and acceptable use policy.
Allow for the ability to charge a ResNet fee.
Quicker resolution of security events due to
virus infections, DMCA and abuse cases.

6
What is NetReg?

First developed by Southwestern University in
1999.
http//www.netreg.org
Network Registration system uses DHCP, DNS/BIND
and HTTP.
Easy to Use
Perl-CGI driven.
MySQL Back-End.
Web Interface for help desk support.

7
NetReg Basics

Based on Network MAC Address.
DHCP server has two pools.
If MAC is known. DHCP assigns a real IP and
real DNS servers.
If MAC is unknown. DHCP assigns a private IP
and the broken DNS servers.
Private DNS server is configured with a fake
root that resolves all name queries to the NetReg
web server.
Switch ACLs used to limit access from the
private IP space to only a specific list of
NetReg servers.

8
NetReg - Process

User jacks into the network for first time.
DHCP server hasnt seen the MAC address and
assigns a private IP
User browses web and is forced to NetReg
registration page. Username is associated with
MAC and recorded in the NetReg database
OS is detected by JavaScript and browser string.
Non-Windows
MAC is put into DHCP allowed list and user is
given a public IP
Windows
Certification process (BUVS) is run locally on
PC.
BUVS reports results back to NetReg.
If success code is sent, MAC is put into DHCP
allowed list and
the machine is allowed onto the public
network.
If failure, help desk intervention is required to
certify machine.

9
NetReg Welcome Page
10
NetReg User Authentication
11
NetReg Registration Page
12
NetReg BUVS Certification.
13
NetReg Flow
Set Registered state to R in NetReg database.
DHCP request sent.
Client DHCP release / renew.
Update DHCP servers with MAC.
Non-Windows
Redirect to NetReg registration page. Provide
username and password.
Assign private IP.
Set Registered State to P in NetReg database.
Detect OS
Is MAC known
No
Windows
Yes
Is state U
Yes
NetReg state is R
Download and run BUVS on client.
Did BUVS succeed
Helpdesk intervention needed.
No
No
Is state P
Yes
Yes
NetReg States U Unknown MAC, never been
registered. P Pre-registered. In database, but
has not successfully finished BUVS. Q
Quarantined. Kicked off network due to
DMCA, Virus or other reasons. R Registered and
Active
User is registered and not in violation. Assign
normal IP.
No
Is state Q
Go to quarantined URL.
Yes
14
Boston University Virus and Security Tool (BUVS)

Purpose
Provide an automated way to certify a PC before
granting general network access.
Help clean up an ever growing population of virus
infected machines.
Provide a Help Desk support tool to help minimize
the number of PCs that might require hands-on
assistance.

15
BUVS What does it do?

Turns on ICF and schedules automatic updates!
If necessary, requires Administrator password
change.
Force the installation of missing Service Packs.
Scans for and automatically installs any missing
Microsoft security patches.
Downloads latest virus definitions from McAfee.
Boots into Safe Mode and runs a one-time virus
scan using McAfee VirusScan command line version.
Reports results back to the NetReg server,
allowing automatic release of the PC onto the
"public" network.

16
BUVS Administrator Password

Force change of weak passwords.

17
Download Microsoft Updates

Connect to internal server for list of available
patches.
Verify at correct Service Pack Level.

18
Scan and Install Missing Patches

Scan for patches using hfnetchk.

Display a list of all missing patches.

19
Patch Download Process

Patches downloaded from internal SUS server.
Reasons for use of SUS server.
allows for automatic downloading of new patches.
support for multiple languages.

20
Download Virus Definitions

Connect to NAI and download latest virus
definitions and scanner.
A Web proxy provides access to NAI Web sites from
the limited access, private network.

21
Boot into Safe Mode
22
Safe Mode VirusScan