This question strikes me as being the classic trick question. Any answer you give will be wrong, because they aren't really asking the correct question (on purpose?) that they want the answer to. My cynicism (developed from working with a school district) is that this question is intimately tied to e-rate finds, and what is being done to prevent unfiltered access to the internet. It's unlikely any school district has enough infrastructure in place in all schools to handle this "problem." However, my guess the solution to the "problem" is some sort of external filtering (for the entire district), and if you don't answer the question correctly, well thanks for playing. This came up a time or two in WV, until the state implmented state-wide filtering at the request of dozens of counties.
That being said, some ways you can actually take some steps to mitigate the problem, and Ben Scott's response came through as I was drafting my response. Since he had a more thorough treatment, I'll +1 him. On Mon, Mar 30, 2009 at 3:33 PM, Kurt Buff <[email protected]> wrote: > On Mon, Mar 30, 2009 at 08:31, John Hornbuckle > <[email protected]> wrote: > > The Auditor General's office has asked us how we prevent the introduction > of unauthorized DHCP/DNS servers on our network. > > > > Well, we kinda don't. > > > > How do you guys accomplish this? From the research I've done, there's no > easy way to do it. > > I'm guessing a good sweep regularly with nmap might help, but these > articles describe some interesting utilities: > > > http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1174495,00.html > > http://lists.sans.org/pipermail/unisog/2002-April/020295.html > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
