NetReg – Virus Killer? Spam Stopper?

Copyright – 2006 This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

Matt Brzeski, David LoveEducause Midwest RegionalMarch 15, 2006

NetReg

Virus Killer? Spam Stopper?

Agenda What was the problem? What resources did we use? What benefits/lessons did we gain?

Presenters Matt Brzeski

Student Computing Coordinator David Love

Programmer / Computer Support Technician

Background Carthage

College Liberal arts 2200

enrollment Kenosha, WI

2/3 between Chicago and Milwaukee

Environment Students own computers Residential halls

Networking• Wired

– Each hall is subnet

– Not port-per-pillow

• Wireless– VLAN per hall– VLAN for rest of

campus

Problem Students could not compute

I cannot “IM” my friends!!! What are these popups? My computer is slow-w-w-w

Impact on campus One infected PC took a whole dorm offline Work to clean PCs

Technical Goals Map MAC address to Novell username Verify acceptance of A.U.P. Enforce certain terms of A.U.P.

Windows XP Service Pack 2 Symantec Anti-virus Definitions < 30 days old

Prevent access if conditions are not met

Solutions considered NetReg Nessus

NetReg NetReg

www.netreg.org Used by St. Norbert’s, Amherst,

University of Vermont, Duke, et alii Validator (modified)

www.snc.edu/compserv/tech/sncvalidator/

Written by St. Norbert College

How NetReg Works

How the Validator Works Download and run the program Checks various registry keys

Confirm SP2 installation Confirm Symantec installation Retrieve virus definition date

Send information to server If matches conditions, set a cookie

(which NetReg will check for)

Programming NetReg Server setup

Dual PII 400Mhz w/ 128 MB RAM SuSE LAMP stack (minus the M)

BIND + Dhcpd

Software NetReg Validator Cron job to fetch virus definitions

Is It Secure? Do we care?

80 / 20 rule Most problems caused (as earlier

numbers show) by average Windows users Make everyone else (Mac, Linux, etc.)

register, but no equivalent validator If user is sophisticated enough to set

a static IP or fudge the URL, unlikely to be a problem

What does it look like?

Registration page

Publicity E-mail notices Freshman orientation College newspaper

(Perceived) Benefits

NetReg help instead of AntiVirus now shorter in duration keeps ‘problem’ PCs off network

AntiVirus Effort

0

50

100

150

2003 2004 2005

Inci

den

ts

$-

$2,000

$4,000

$6,000

$8,000

$10,000

Issues

Costs

Lessons Learned ‘Old’ OSes remain AOL Browser ‘in the way’ Definitions kept current Spyware gets nasty

Rootkits Spam goes thru 3rd party

Login.postini.com

Questions? mbrzeski@carthage.edu dlove@carthage.edu

The End