NetReg – Virus Killer? Spam Stopper?
Copyright – 2006 This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.
Matt Brzeski, David Love
Educause Midwest Regional
March 15, 2006
Agenda
• What was the problem?
• What resources did we use?
• What benefits/lessons did we gain?
Presenters
• Matt Brzeski, Student Computing Coordinator
• David Love, Programmer / Computer Support Technician
Background
• Carthage College
• Liberal arts
• 2200 enrollment
• Kenosha, WI
• 2/3 between Chicago and Milwaukee
Environment
• Students own computers
• Residential halls
Networking
• Wired
– Each hall is subnet
– Not port-per-pillow
• Wireless
– VLAN per hall
– VLAN for rest of campus
Problem
• Students could not compute
– I cannot “IM” my friends!!!
– What are these popups?
– My computer is slow-w-w-w
Impact on campus
• One infected PC took a whole dorm offline
• Work to clean PCs
Technical Goals
• Map MAC address to Novell username
• Verify acceptance of A.U.P.
• Enforce certain terms of A.U.P.
– Windows XP Service Pack 2
– Symantec Anti-virus
– Definitions < 30 days old
• Prevent access if conditions are not met
Solutions considered
• NetReg
• Nessus
NetReg
• NetReg
– www.netreg.org
– Used by St. Norbert’s, Amherst, University of Vermont, Duke, et alii
• Validator (modified)
– www.snc.edu/compserv/tech/sncvalidator/
– Written by St. Norbert College
How NetReg Works
How the Validator Works
• Download and run the program
• Checks various registry keys
– Confirm SP2 installation
– Confirm Symantec installation
– Retrieve virus definition date
• Send information to server
• If matches conditions, set a cookie (which NetReg will check for)
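The server-side decision on this slide, written out as an added example; it is not code from NetReg or the St. Norbert validator. The report layout, the signed cookie format, the seven-day lifetime and the signing key are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

MAX_DEF_AGE = timedelta(days=30)   # slide: "Definitions < 30 days old"
SECRET = b"constructed-demo-key"   # assumption: key held only by the server


def unmet_conditions(report, today):
    """Check a validator report (hypothetical dict layout) against the slide's conditions."""
    failures = []
    if report.get("service_pack", 0) < 2:
        failures.append("Windows XP Service Pack 2 not installed")
    if not report.get("symantec_installed", False):
        failures.append("Symantec Anti-virus not installed")
    try:
        defs = date.fromisoformat(report.get("definition_date", ""))
    except (TypeError, ValueError):
        return failures + ["virus definition date missing or unreadable"]
    if defs > today:  # a date in the future means the client report is wrong
        failures.append("virus definition date is in the future")
    elif today - defs >= MAX_DEF_AGE:
        failures.append("virus definitions are 30 or more days old")
    return failures


def _sign(mac, expires):
    msg = f"{mac.lower()}|{expires.isoformat()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_cookie(mac, report, today):
    """Return a signed cookie value when every condition is met, else None."""
    if unmet_conditions(report, today):
        return None
    expires = today + timedelta(days=7)  # assumption: re-validate weekly
    return f"{expires.isoformat()}|{_sign(mac, expires)}"


def cookie_valid(cookie, mac, today):
    """Registration-side check: signature, binding to this MAC address, expiry."""
    try:
        expires_text, sig = cookie.split("|")
        expires = date.fromisoformat(expires_text)
    except (AttributeError, ValueError):
        return False
    return today <= expires and hmac.compare_digest(sig.encode(), _sign(mac, expires).encode())

SAMPLE_REPORT = {"service_pack": 2, "symantec_installed": True, "definition_date": "2006-03-01"}  # constructed
```

Binding the cookie to the registered MAC address and an expiry date means a value copied from another machine, or edited by hand, fails the registration-side check.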
Programming NetReg
• Server setup
– Dual PII 400 MHz w/ 128 MB RAM
– SuSE LAMP stack (minus the M)
– BIND + Dhcpd
• Software
– NetReg
– Validator
– Cron job to fetch virus definitions
Is It Secure? Do we care?
• 80 / 20 rule
– Most problems caused (as earlier numbers show) by average Windows users
• Make everyone else (Mac, Linux, etc.) register, but no equivalent validator
• If user is sophisticated enough to set a static IP or fudge the URL, unlikely to be a problem
What does it look like?
Registration page
Publicity
• E-mail notices
• Freshman orientation
• College newspaper
(Perceived) Benefits
• NetReg help instead of AntiVirus
• now shorter in duration
• keeps ‘problem’ PCs off network
AntiVirus Effort
[Chart, 2003 to 2005. Axes: Incidents (0 to 150) and dollars ($0 to $10,000). Legend: Issues, Costs.]
Lessons Learned
• ‘Old’ OSes remain
• AOL Browser ‘in the way’
• Definitions kept current
• Spyware gets nasty
– Rootkits
• Spam goes thru 3rd party
– Login.postini.com
Questions?
The End