[Gllug] Linux Hub/Switch

Doug Winter doug at pigeonhold.com
Tue Sep 23 15:41:57 UTC 2003


On Tue 23 Sep Simon Wilcox wrote:
> That will very quickly lock down infected machines as soon as they start 
> looking for new hosts. It has the added bonus that the user will quickly 
> notice that their connection has disappeared :-)

The big problem large universities have is that the students need
internet access to get to the Windows Update servers.  So locking their
port doesn't really get you anywhere.

What I have heard of some places doing, and which sounds quite smart, is
putting every port on a VLAN that *only* provides proxy access to the
windows update service.

Students are required to do a full update of their system, which is then
verified by admin staff.  Then their port is put back on the real
network - and they are charged for enabling the port.

NIDS are running, and if they detect a virus infection on a port,
the port is switched over to the updating VLAN again.  They have to do
the update, which is verified, and then pay again to regain access.

This helps provide an economic incentive to keep machines patched, as
well as providing some reactive protection.

doug.

-- 
6973E2CF print 2C95 66AD 1596 37D2 41FC  609F 76C0 A4EC 6973 E2CF
"If you are the type of person who likes assault weapons, there
is a place for you - the United States Army. We have them."
   -- General Wesley Clark, responding to a question on gun control
