On Sat, 27 Sep 2003, Karl DeBisschop <[EMAIL PROTECTED]> wrote: > On Fri, 2003-09-26 at 22:57, Paul Schmehl wrote: > > > We're working on a "jail vlan" concept now, where "evil" computers go. > > Maybe this concept is already widely in use at academia. If it is not, > it may soon be.
We've been using the concept here for 2-3 years, and it has worked well. We call ours the "black hole". :-) We only allow machines in the black hole to access MS Update, our virus vendor's site, and other places where the student can get the tools (s)he needs to fix the computer. As Paul said, we can't work on their computers; it has to be self-help (or a paid outside company). Over time we are making improvements toward increased detection of infected computers and automatic placement into the black hole. At the beginning it was mostly manual which is a lot of work. When the recent Nachi/Welchia/Sobig.f wave hit we had some incentive to invest more time in automated detection. Educational institutions that are interested in this concept might want to look into the RESNET-L mailing list; topics like this that are relevant to the ResNet environment are discussed there regularly. http://LISTSERV.ND.EDU/archives/resnet-l.html -- Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html * Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html