Network Registration System Scanner

Thursday, January 1, 2004

Abstract

As of fall 2003, the University of Connecticut network consists of approximately 20,000 hosts, 11,000 of which are in the residential halls. Our commercial Internet link is about 200 Mbps, and the Internet2 link is 155 Mbps. We have been using NetReg as our MAC-based automatic host registration system since 2000. We use Nessus for scheduled and on-demand network vulnerability testing.

In late August 2003, we faced the prospect of 11,000 student computers being connected to an already taxed university network. We assumed that a large portion of these computers were not patched against the MS03-026 vulnerability (RPC-DCOM). We needed a way to scan for vulnerable hosts as soon as they connected to the network, so that users could patch their systems before they were infected with the Blaster or Welchia (Nachia) worms. We had contributed to the refinement of Nessus plugin #11808, which detects hosts vulnerable to RPC-DCOM, and first tried to tie that plugin into NetReg. We were unhappy with the poor speed and stability of launching so many Nessus scans, so we developed our own scanner that works closely with NetReg. Using this combination, we were able to identify vulnerable computers as they first connected to our network and automatically direct them to the patch they needed without involving support staff.
