1 / 23

York Secure Scan vs Microsoft Windows

York Secure Scan vs Microsoft Windows. Our story and how we dealt with it. Introduction. Presenter: Leonard Chow Supervisor / Technical Analyst, Client Services Computing and Network Services York University Toronto ON Canada lchow@yorku.ca http://www.yorku.ca. This Presentation….

masako
Download Presentation

York Secure Scan vs Microsoft Windows

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. York Secure Scan vs Microsoft Windows Our story and how we dealt with it

  2. Introduction • Presenter: • Leonard Chow • Supervisor / Technical Analyst, Client Services • Computing and Network Services • York University • Toronto ON Canada • lchow@yorku.ca • http://www.yorku.ca

  3. This Presentation… • Tuesday, June 24 2008 • Presentation 5A: 9:00 - 10:00 AM – Singer Bldg Rm 151 • York Secure Scan vs Microsoft Windows - our story and how we dealt with it • Clients want to get ResNet Internet service - ResNet Network Administrators want a secure and safe network - and our ResNet Support Team is right in the middle of it! • This is the story of how we dealt with York Secure Scan, the application on the York University ResNet network that grants permission to registration for Microsoft Windows workstations. • First, a brief introduction to the history of the York University ResNet service will be done outlining the important role our York Secure Scan application takes to only allow clean secured workstations onto the our ResNet service. Next, there will be some discussion into the problems that were reported by clients (missing MS OS patches, problems loading MS OS patches, etc). Lastly, some solutions to the problems that we faced will be presented (how to get patches loaded) and our procedures for dealing with some of our more problematic clients/students. • This is not a presentation about how to build and implement an application such as York Secure Scan, this is only the Client Services perspective of how we did our jobs. • This MS Powerpoint presentation is currently available at http://www.yorku.ca/lchow/

  4. York UniversityComputing Support • -Specific Faculties - Technical Support • -Specific Admin./Bus. Dept. - Technical Support • -Central Computing Services • -Infrastructure • -Network • -Server Administration • -Information Security • -etc. • -Client Services -Residence Support • (ResNet Support / In-Residence Support)

  5. York University ResNet Service... • -DHCP - assigned IP and DNS information • -MAC authentication • -Registration through browser and student authentication • -Registration/authentication VLAN vs actual Internet service VLAN • -9 York undergrad/dorm residence buildings or areas • -14 York apartment/suite residence buildings or 3 areas • -Approx. 50,000 students attend York University over 2 campuses (main campus and Glendon campus) • -Approx. 6000 ResNet jacks/beds in all the buildings • -Approx. 5000 ResNet clients/users registered and they have their “own” computers running MS Windows, Mac OS, and Linux typically

  6. Back then, in a perfect world... • To get ResNet Internet Service • Clients/students comes with their laptop/computer and plugs into the ResNet service jack with their network cable; the computer will get an IP/DNS via DHCP for 'registration/authentication VLAN' • The client/student authenticates themselves and registers onto the ResNet service via browser • After registration finishes, then there's Internet service (IP/DNS via DHCP)

  7. ResNet before being registered…

  8. Back then, it wasn't a perfect world... • -There were many improvements that need to be made • -Not sure what the problem was • -Network device (Cisco Switch) problems • -Rogue problems • -Virus problems • -Client/end-user problems (OS problems?) • -WHY WOULDN'T THINGS JUST WORK!

  9. In came Information Security... • -York Secure Scan (yss.exe) was introduced into the process • So in the new world... • To get ResNet Internet Service • Clients/students comes with their laptop/computer and plugs into the ResNet service jack with their network cable; the computer will get an IP/DNS via DHCP for 'registration/authentication VLAN' • If the computer is a MS Windows computer, then it will be forced to go through the York Secure Scan • In order to pass York Secure Scan and continue onto client/student authentication for ResNet Registration, the MS Windows computer must have all Critical Updates/Patches and must have Symantec Antivirus with up to date virus definitions • The client/student authenticates themselves and registers onto the ResNet service • After registration finishes, then there's Internet service (IP/DNS via DHCP)

  10. The new features... • -Secured 'registration/authentication VLAN' • -Proxy to allow clients to get MS Windows Critical Updates/Patches • -Proxy to allow clients to get Symantec Antivirus virus definition updates • -Things improved drastically! • -Cut down on client-end OS related problems

  11. York Secure Scan • http://resnet.yorku.ca/secure_scan.html

  12. The new problems... • -Illegal/cracked copies of MS Windows OS • -Critical Updates/Patches that aren't really loaded • -Language Versions of MS Windows OS that aren't supported by YSS • -3rd party firewalls and security suite programs • -Corrupted MS Windows OS • -They don't like our Symantec Antivirus

  13. For Illegal/cracked copies of MS Windows OS clients... • -Get a legal valid copy/service key of the MS Windows OS • -Student discount on-campus, but it's still a lot of pain for the client • Warn them... • -Backup data (personal pictures, music, documents, homework, etc.) • -Format/reload very often means everything will be deleted • -This is between the client and the computer store/vendor

  14. For clients where there are critical updates/patches issues... • -Go and download the missing patch from Microsoft • -Load the same update/patch again • -Uninstall the specific update/patch and load it again • -Go and download the York Antivirus CD (which has MS patches on it) • Warn them... • -This is between the client and the computer store/vendor • -Backup data (personal pictures, music, documents, homework, etc.)

  15. For clients with Non-English Language Versions of MS Windows OS that are not supported by YSS • -Escalate it to Information Security so that they're aware • -There's a workaround version of York Secure Scan

  16. For clients running 3rd party Firewalls and security suite programs... • -Shut the 3rd party software off • -Advise client to uninstall the security suite program that's expired • Warn them... • -This is between the client and the computer store/vendor • -Backup data (personal pictures, music, documents, homework, etc.)

  17. For clients who don't like our Symantec Antivirus program... • -They MUST use our version of Symantec Antivirus if they're running MS Windows OS if they're going to pass York Secure Scan • Warn them... • -Uninstall the existing antivirus software fully, and restart the computer, before installing a new antivirus software • -This is between the client and the computer store/vendor • -Backup data (personal pictures, music, documents, homework, etc.)

  18. After 2 years, York Secure Scan ver. 2 came out... • -Now runs new MBSA engine • -Now accepts other popular antivirus software e.g. Norton, McAfee, etc.

  19. The new York Secure Scan ver. 2, new issues... • -MBSA errors • -Languages Versions of MS Windows OS that aren't supported by YSS • -3rd party firewalls and security suite programs (LiveOne Care) • Same old problems... • -Can't load a patch • -Patch is not there, but it says that it's loaded • -Corrupted MS Windows OS • -The antivirus software is not recognized

  20. For clients who get an MBSA errors... • -Escalate it to Information Security if necessary • -Download MBSA standalone from Microsoft and if it doesn’t pass this test, then the system is corrupted • http://technet.microsoft.com/en-us/security/cc184924.aspx • -Rebuild/reload the system • Warn them... • -This is between the client and the computer store/vendor • -Backup data (personal pictures, music, documents, homework, etc.)

  21. For clients who get end up with no IP/DNS with LiveOne Care • -Trial versions of LiveOne Care gave this problem; advise the client to uninstall this software or get the full version • -Full licensed versions of LiveOne Care were less troublesome • -Use a SOHO router • Warn them... • -This is between the client and the computer store/vendor • -Backup data (personal pictures, music, documents, homework, etc.)

  22. Our other rarely advised solutions? • -Use a SOHO router (~$50) and find a non-MS Windows OS computer to register • -Use a Linux live CD (e.g. Knoppix, Ubuntu) • -There are other Internet services available on campus

  23. End of presentation • Questions? • Thanks for coming to this presentation.

More Related