G
Guest
Guest
Archived from groups: comp.security.firewalls (More info?)
Any input is appreciated!
We are a small college in Kansas and need a way to force our users in
the dormitories to install our McAfee VirusScan software. We won't be
able to physically install it, or put them into a domain. Here is our
plan so far.
We have created a silent install of VirusScan that runs a batch file
after completion. This batch file records the computer's MAC address
to a text file on a remote server. This server has a python script
that running frequently that can format the text file to our liking.
What we'd like is when the user first plugs in to our network and tries
to access a web site, they will get a default page (similar to what
most hotels have). This page will welcome them to our network and
provide a link to install the University supplied antivirus software.
After they approve the installation popups from their browser, they
would then have antivirus silently installed in the background. Their
computer would then automatically restart (via the batch file after
installation).
Now that their MAC address is in the text file on our server, we need
to allow them external network access. I've spoke with several people
about how to do this, but I'd really like more advice from others.
Right now our network looks like this:
4 T1's providing internet access to the "student network"
1 Tasman 1400 router (which is also the CSU for the T1's I think)
1 Cisco PIX 506E
Several Cisco 2900 series switches providing the network infrastructure
and a Windows 2000 DHCP server (which could also be a IIS web server)
We are prepared to build a new box to act as a proxy, firewall, or
router, which ever is needed. I'm not picky as to whether it is Linux
or Widnows.
We have a limited budget (almost $0).
If we can somehow get the PIX or tasman to redirect all trafic not
comming from MACs on our list to the web server with the download link,
then allow all traffic that IS on the MAC list, that would be perfect.
We just don't know how to set up a ACL or something that checks an
external list.
Any input is appreciated!
We are a small college in Kansas and need a way to force our users in
the dormitories to install our McAfee VirusScan software. We won't be
able to physically install it, or put them into a domain. Here is our
plan so far.
We have created a silent install of VirusScan that runs a batch file
after completion. This batch file records the computer's MAC address
to a text file on a remote server. This server has a python script
that running frequently that can format the text file to our liking.
What we'd like is when the user first plugs in to our network and tries
to access a web site, they will get a default page (similar to what
most hotels have). This page will welcome them to our network and
provide a link to install the University supplied antivirus software.
After they approve the installation popups from their browser, they
would then have antivirus silently installed in the background. Their
computer would then automatically restart (via the batch file after
installation).
Now that their MAC address is in the text file on our server, we need
to allow them external network access. I've spoke with several people
about how to do this, but I'd really like more advice from others.
Right now our network looks like this:
4 T1's providing internet access to the "student network"
1 Tasman 1400 router (which is also the CSU for the T1's I think)
1 Cisco PIX 506E
Several Cisco 2900 series switches providing the network infrastructure
and a Windows 2000 DHCP server (which could also be a IIS web server)
We are prepared to build a new box to act as a proxy, firewall, or
router, which ever is needed. I'm not picky as to whether it is Linux
or Widnows.
We have a limited budget (almost $0).
If we can somehow get the PIX or tasman to redirect all trafic not
comming from MACs on our list to the web server with the download link,
then allow all traffic that IS on the MAC list, that would be perfect.
We just don't know how to set up a ACL or something that checks an
external list.