Networking & Wireless forum

General discussion

Blocking administrative access while on network

by sirryan82-21181099553112296184107545618032 / August 14, 2007 10:03 AM PDT

I will be going to college this year and had a question. I got a letter today from our IT administrator saying we had to have Norton installed to be granted full internet access. However, my question is, how do they know if we have Norton installed? I've searched and searched for ways to block outside access, but it's mostly been firewall suggestions.

I have Windows XP Home, so I *think* I don't have to worry about administrative shares. I have no shared folders, a 10 character password on my guest account (which is disabled anyway), a very complex password on my personal account, and a software firewall.

We're not allowed to have other devices (such as routers, etc.) hooked up (which also leaves me questioning how they would know, unless I broadcast a wireless SSID, which I could not broadcast). Is there anything else I need to do? Thank you!

Discussion is locked
You are posting a reply to: Blocking administrative access while on network
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Blocking administrative access while on network
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Such a small price to pay
by PudgyOne / August 14, 2007 3:53 PM PDT

to get internet access. It may slow down your computer but you'll have full internet access.

With my computer, I can see connections and they say SSID not broadcast. When you don't broadcast your SSID, you have connection problems.


Rick

Collapse -
I really don't think it's possible
by Ck87.JF / August 15, 2007 2:41 AM PDT

Seems to me that the IT department is just trying to scare you. Don't take my word for it, but there's NO way I can think of that they could possibly discover what software is on your machine, besides looking at it.
And, what of the people who go to your school and use either Linux or Mac machines?


And besides, what qualifies as full Internet access, as opposed to limited?

Collapse -
NAC capabilities?

I'm not sure what limited vs. full internet access would be either. And I really don't have a problem with putting the software on my computer, I'm more just curious. Could they use something like an NAC (if I researched right, that checks any computer that tries to send traffic through it against a policy and if it doesn't pass that policy, it will block the outbound traffic)? But even then, how can the NAC get access to my computer to check for software?

Thanks for the help!

Collapse -
nac
by Ck87.JF / August 15, 2007 12:11 PM PDT
In reply to: NAC capabilities?

I read about it, and I think all it does to check for "policy agreement" is various network protocols & such. I don't think that has anything to do with software installed upon the computer.

And, Norton sucks ... it's a resource hog, and creates problems with the system ... use Grisoft AVG Antivirus (free edition) if you want some protection - they're good.

Collapse -
Symantec
by sirryan82-21181099553112296184107545618032 / August 15, 2007 12:24 PM PDT
In reply to: nac

Right, I personally use AVG now (and don't want to change), but I don't think it's Norton. I believe it's a corporate "light" version of some Symantec antivirus, but I'm not sure. The only other thing I could think of...

Would this Symantec antivirus (whether it's Norton or something else) put in some bits of data in the outbound packets that the NAC can check before allowing it to go through the firewall?

Collapse -
I would check
by PudgyOne / August 15, 2007 1:52 PM PDT
In reply to: Symantec

with them. If there is virus protection, this might satify their requests.


Rick

Collapse -
re: check with them
by Ck87.JF / August 16, 2007 12:25 AM PDT
In reply to: I would check

Rick; are you saying check with them whether AVG is okay or not?
They probably specifically asked the students to use Norton, because they believe it's the best, no matter the truth.

Anyway, any one have any knowledge upon whether it is or is not possible for the software to alter/add bits of outbound data? I'd think not, but so far everything I've said is a statement of opinion, not solid knowledge.

Collapse -
I am NOT high tech enough
by PudgyOne / August 16, 2007 3:55 AM PDT
In reply to: re: check with them

to say this but

If they have things set up the way they want to, then can control inbound and outbound traffic. Outlook has a feature and you cannot get certain types of files. I think the administrator can control this. I just wonder what the difference is between limited and full access.

As for using a router, like I said, I can see the wireless network, just can tell the SSID, however, I can right click on the connection and see what channel they are using and I can even see the BSSID. Since it includes a Mac address, I guess this is where they can block the router from access.


Rick

Collapse -
re: control traffic, outlook, router
by Ck87.JF / August 16, 2007 12:01 PM PDT

Yes, they can control traffic, cut off access to certain ports, all that.

You speak of Outlook having the ability to block access to stuff. Problem is, that's software, and the school has no control over the student's software. Even if controlling Outlook was an option, what if the student decided to use web-based mail, or maybe Mozilla Thunderbird?

Router ... as far as I know, there's no way the netadmins would know if the student is using a router, especially if wireless is turned off. As far as blocking the router's MAC address, all you have to do is change the address to something else. In fact, I did this to my own router, to get it to work on my home cable broadband (I made the router's MAC identical to my PC's).


Anyway, why does the school not want routers? That seems silly. Is the Internet only accessible to some of the students?


I still don't really know if it'd be possible to detect whether individual pieces of software are installed on a PC or not - UNLESS the network administrators put a little piece of spyware on the student's machine! I wonder if that's what they do? The spyware could potentially report what software the student has on the computer, and if it finds limewire, calls the cops or something.
So, what if that student uses linux (or even mac) instead?

Collapse -
Control

"They probably specifically asked the students to use Norton, because they believe it's the best, no matter the truth."

Turns out it's not Norton but "Symantec Antivirus" which is a very light antivirus program.

"Outlook has a feature and you cannot get certain types of files. I think the administrator can control this."

I can see how an administrator can control lots of things if they're on a domain, but I would be on a separate workgroup. I will agree that administrators can control any internet (inbound/outbound traffic, ports, etc.) through firewalls and NACs and that's understandable, but to have access to the software confuses me. The school says they don't want routers because "they utilize the same frequency as the wireless network and can cause interference" but I doubt they use 11 channels for their wireless.

Anyway, I might ask the administrators when I show up. I wouldn't think they'd install spyware but crazier things have happened.

Collapse -
symantec/norton school admins
by Ck87.JF / August 18, 2007 2:08 AM PDT
In reply to: Control

I think symantec and norton are the same thing, but then again, I'm not too sure because I haven't used it ... though I've seen it and it seems to run a lot of stuff.

Yeah, it'd be good to ask your admins, see what they say.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?