The University has had a number of viruses run through their systems over the years I worked for them. I have/had Macaffe and as of about 2 years ago they "took control" of all the command and control servers through out the University because "they were not being managed correctly". A few of the colleges/research groups/campuses what ever you want to call them had managed to keep off Macaffee until then for the most part by just not purchasing licenses and buying something else. Management became aware of this when the power grab happened and about a third of all the systems were NOT under their control. They mandated that admins had to install University approved AV on the systems purchased after a certain date. The rules were written without any input from any of the Windows Admins not associated with the core of the University.
Jon On Tue, Mar 6, 2012 at 9:15 AM, Ziots, Edward <[email protected]> wrote: > Sad for them, be nice to fire up the Backtrax Pen test server and show > that the Windows systems could be toppled just as fast as the .NIX systems. > **** > > ** ** > > Z**** > > ** ** > > Edward Ziots**** > > CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > [email protected]**** > > ** ** > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Monday, March 05, 2012 6:20 PM > > *To:* NT System Admin Issues > *Subject:* Re: Vulnerability scanning, and calling it a Pen test the rant > continues**** > > ** ** > > I have seen this in a University setting. The Unix side of the house said > this was all that was needed the Windows side said BS but since most of > Management liked the lack of real cost they took the Unix sides word and > that became law.**** > > **** > > Jon**** > > On Mon, Mar 5, 2012 at 8:12 AM, Ziots, Edward <[email protected]> wrote: > **** > > Not sure if anyone on the list is responsible for Vul Scanning in their > organizations/business or Pen testing there systems, but it still blows my > mind that we have folks out there providing services to organizations and > business calling the output from a Qualys or Nessus vulnerability scanner a > Pen-test. I am current been going through someone else work for about 1.5 > weeks validating the scanners findings on the systems, so I can get working > on slimming down a 225 page report to something that is realistic and > achievable. **** > > **** > > Sorry about the rant, it isn’t how I wanted to start my Monday morning. ** > ** > > **** > > Z**** > > **** > > Edward Ziots**** > > CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > [email protected]**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
