Buy Microsoft Office Home & Student
Networking & wireless: Blocking administrative access while on network
Blocking administrative access while on network
by sirryan82 - 8/14/07 5:03 PMI will be going to college this year and had a question. I got a letter today from our IT administrator saying we had to have Norton installed to be granted full internet access. However, my question is, how do they know if we have Norton installed? I've searched and searched for ways to block outside access, but it's mostly been firewall suggestions.
I have Windows XP Home, so I *think* I don't have to worry about administrative shares. I have no shared folders, a 10 character password on my guest account (which is disabled anyway), a very complex password on my personal account, and a software firewall.
We're not allowed to have other devices (such as routers, etc.) hooked up (which also leaves me questioning how they would know, unless I broadcast a wireless SSID, which I could not broadcast). Is there anything else I need to do? Thank you!
Such a small price to pay
by PudgyOne - 8/14/07 10:53 PM In reply to: Blocking administrative access while on network by sirryan82to get internet access. It may slow down your computer but you'll have full internet access.
With my computer, I can see connections and they say SSID not broadcast. When you don't broadcast your SSID, you have connection problems.
Rick
I really don't think it's possible
by Ck87.JF - 8/15/07 9:41 AM In reply to: Blocking administrative access while on network by sirryan82Seems to me that the IT department is just trying to scare you. Don't take my word for it, but there's NO way I can think of that they could possibly discover what software is on your machine, besides looking at it.
And, what of the people who go to your school and use either Linux or Mac machines?
And besides, what qualifies as full Internet access, as opposed to limited?
NAC capabilities?
by sirryan82 - 8/15/07 1:56 PM In reply to: I really don't think it's possible by Ck87.JFI'm not sure what limited vs. full internet access would be either. And I really don't have a problem with putting the software on my computer, I'm more just curious. Could they use something like an NAC (if I researched right, that checks any computer that tries to send traffic through it against a policy and if it doesn't pass that policy, it will block the outbound traffic)? But even then, how can the NAC get access to my computer to check for software?
Thanks for the help!
nac
by Ck87.JF - 8/15/07 7:11 PM In reply to: NAC capabilities? by sirryan82I read about it, and I think all it does to check for "policy agreement" is various network protocols & such. I don't think that has anything to do with software installed upon the computer.
And, Norton sucks ... it's a resource hog, and creates problems with the system ... use Grisoft AVG Antivirus (free edition) if you want some protection - they're good.
Symantec
by sirryan82 - 8/15/07 7:24 PM In reply to: nac by Ck87.JFRight, I personally use AVG now (and don't want to change), but I don't think it's Norton. I believe it's a corporate "light" version of some Symantec antivirus, but I'm not sure. The only other thing I could think of...
Would this Symantec antivirus (whether it's Norton or something else) put in some bits of data in the outbound packets that the NAC can check before allowing it to go through the firewall?
re: check with them
by Ck87.JF - 8/16/07 7:25 AM In reply to: I would check by PudgyOneRick; are you saying check with them whether AVG is okay or not?
They probably specifically asked the students to use Norton, because they believe it's the best, no matter the truth.
Anyway, any one have any knowledge upon whether it is or is not possible for the software to alter/add bits of outbound data? I'd think not, but so far everything I've said is a statement of opinion, not solid knowledge.
I am NOT high tech enough
by PudgyOne - 8/16/07 10:55 AM In reply to: re: check with them by Ck87.JFto say this but
If they have things set up the way they want to, then can control inbound and outbound traffic. Outlook has a feature and you cannot get certain types of files. I think the administrator can control this. I just wonder what the difference is between limited and full access.
As for using a router, like I said, I can see the wireless network, just can tell the SSID, however, I can right click on the connection and see what channel they are using and I can even see the BSSID. Since it includes a Mac address, I guess this is where they can block the router from access.
Rick
re: control traffic, outlook, router
by Ck87.JF - 8/16/07 7:01 PM In reply to: I am NOT high tech enough by PudgyOneYes, they can control traffic, cut off access to certain ports, all that.
You speak of Outlook having the ability to block access to stuff. Problem is, that's software, and the school has no control over the student's software. Even if controlling Outlook was an option, what if the student decided to use web-based mail, or maybe Mozilla Thunderbird?
Router ... as far as I know, there's no way the netadmins would know if the student is using a router, especially if wireless is turned off. As far as blocking the router's MAC address, all you have to do is change the address to something else. In fact, I did this to my own router, to get it to work on my home cable broadband (I made the router's MAC identical to my PC's).
Anyway, why does the school not want routers? That seems silly. Is the Internet only accessible to some of the students?
I still don't really know if it'd be possible to detect whether individual pieces of software are installed on a PC or not - UNLESS the network administrators put a little piece of spyware on the student's machine! I wonder if that's what they do? The spyware could potentially report what software the student has on the computer, and if it finds limewire, calls the cops or something.
So, what if that student uses linux (or even mac) instead?
Control
by sirryan82 - 8/17/07 2:13 PM In reply to: re: control traffic, outlook, router by Ck87.JF"They probably specifically asked the students to use Norton, because they believe it's the best, no matter the truth."
Turns out it's not Norton but "Symantec Antivirus" which is a very light antivirus program.
"Outlook has a feature and you cannot get certain types of files. I think the administrator can control this."
I can see how an administrator can control lots of things if they're on a domain, but I would be on a separate workgroup. I will agree that administrators can control any internet (inbound/outbound traffic, ports, etc.) through firewalls and NACs and that's understandable, but to have access to the software confuses me. The school says they don't want routers because "they utilize the same frequency as the wireless network and can cause interference" but I doubt they use 11 channels for their wireless.
Anyway, I might ask the administrators when I show up. I wouldn't think they'd install spyware but crazier things have happened.
symantec/norton school admins
by Ck87.JF - 8/18/07 9:08 AM In reply to: Control by sirryan82I think symantec and norton are the same thing, but then again, I'm not too sure because I haven't used it ... though I've seen it and it seems to run a lot of stuff.
Yeah, it'd be good to ask your admins, see what they say.
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
