LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

March 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS March 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Connects from non-CCA IP addresses
From:	Greg Schaffer <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Mon, 20 Mar 2006 10:36:12 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (72 lines)

You could disallow any incoming connections on the trusted side (I'm 
assuming that's where they're logging in) with a MAC of 00:00:00:00:00:00.

William Doyle wrote:
> As far as I know there is no way, short of firewalling, to prevent 
> this. But, make sure that the CAS discovery host (Clean Access Agent 
> configuration) IP is set to your manager and not the server. If it is 
> set to the server and the client is configured to pop up, it will pop 
> up from anywhere.
>
> At 07:49 AM 3/20/2006, you wrote:
>> That would explain it. I am running 3.5.8 for my CAM with the 3.5.10 
>> client.
>>
>> On an unrelated note, we had something weird happen over Spring Break 
>> (or maybe it was just the first time that I noticed it). When I 
>> brought up the online users page, a number of the users were logged 
>> in from a non-university IP address. Also, while the screen did show 
>> their username and IP address, it didn’t have the MAC or VLAN field 
>> populated. I confirmed that this was due to users who have a laptop 
>> with the agent installed, who then take it home and use their own 
>> ISP, are still logging in to our client and authenticating through 
>> our CAS. Have others seen this? How are you addressing it?
>>
>> Thanks again!
>>
>> Elliott Franklin, CISSP
>> Information Security Analyst
>> Texas State University-San Marcos
>> http://www.vpit.txstate.edu/security
>> 512.245.2501
>> ------------------------------------------------------------------------
>> *From:* Perfigo SecureSmart and CleanMachines Discussion List [ 
>> mailto:[log in to unmask]] *On Behalf Of *Rajesh Nair (rajnair)
>> *Sent:* Monday, March 20, 2006 9:34 AM
>> *To:* [log in to unmask]
>> *Subject:* Re: Avast Antivirus
>>
>> Hello Elliot,
>>
>> Avast! 4.x is supported starting from ver 3.5.11 (if you are on 
>> 3.5.x) of the agent (or 3.6.1.0 if you are on 3.6.x). The vendor name 
>> in the support charts is "ALWIL Software" since that is their 
>> official name.
>>
>> Is this a different version of Avast! that you are trying to detect?
>>
>> -Rajesh.
>>
>> ------------------------------------------------------------------------
>> *From:* Perfigo SecureSmart and CleanMachines Discussion List [ 
>> mailto:[log in to unmask]] *On Behalf Of *Franklin, Elliott
>> *Sent:* Monday, March 20, 2006 7:10 AM
>> *To:* [log in to unmask]
>> *Subject:* Avast Antivirus
>> We implemented an optional anti-virus installation check today and 
>> are already receiving many calls and emails. It’s amazing the number 
>> of students who do not have any of the CCA supported scanners 
>> installed (we’re not even checking for current DATs at this point.) 
>> At any rate, does anyone have a custom check for the free Avast virus 
>> scanner (http://www.avast.com/)? What are the criteria for Cisco to 
>> add a new product to their supported AV list?
>>
>> Thanks!
>>
>> Elliott Franklin, CISSP
>> Information Security Analyst
>> Texas State University-San Marcos
>> http://www.vpit.txstate.edu/security
>> 512.245.2501
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU