How to detect an unauthorized OS on a network

I want to be able to detect different operating systems on my network. We have about 1900 users, with 1500 of them using laptops. We are a Win2K site and I want to be able to detect non-Win2K OS on the network. Do you have any suggestions?

I do not know of any foolproof way to do this. The Nmap tool (http://www.insure.org) has an OS identification capability built in, but it is not perfect. In fact, if the computers are secured properly, it should be very difficult, if not impossible, to determine what operating system is being used, simply by outside observation. With Win2K, there may be a way that you can use the Active Directory along with the Certification Authority (CA) to set up a CA that will issue certificates to workstations on your network. You could then limit logins to only machines that have a valid certificate from your CA. It has been a while since I've used Win2K, so perhaps one of our readers could test this solution and verify that it could work or not.


This was first published in May 2002
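
The answer's caveat that Nmap's OS identification "is not perfect" matters when turning scan results into a report. The Python sketch below is an added example, not part of the original answer: it reads the XML that `nmap -O -oX` writes and sorts hosts into approved, unauthorized and unknown rather than forcing every guess into a yes/no. The sample XML, the addresses and the 90% accuracy threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -O -oX` output (addresses and matches are made up).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="10.0.0.11" addrtype="ipv4"/>
<os><osmatch name="Microsoft Windows 2000 SP4" accuracy="100">
<osclass vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="100"/></osmatch></os></host>
<host><status state="up"/><address addr="10.0.0.12" addrtype="ipv4"/>
<os><osmatch name="Linux 2.4.18" accuracy="96">
<osclass vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="96"/></osmatch></os></host>
<host><status state="up"/><address addr="10.0.0.13" addrtype="ipv4"/>
<os><osmatch name="Microsoft Windows 2000 SP2" accuracy="85">
<osclass vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="85"/></osmatch></os></host>
<host><status state="up"/><address addr="10.0.0.14" addrtype="ipv4"/><os/></host>
<host><status state="down"/><address addr="10.0.0.15" addrtype="ipv4"/></host>
</nmaprun>"""

MIN_ACCURACY = 90  # assumed threshold; below this the guess is treated as unknown


def classify_hosts(xml_text, family="Windows", gen="2000"):
    """Return {ip: verdict}, verdict in 'approved', 'unauthorized', 'unknown'."""
    verdicts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # no fingerprint for hosts that did not answer
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        matches = host.findall("os/osmatch")
        if not matches:
            verdicts[ip] = "unknown"  # hardened or filtered host: no guess at all
            continue
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")))
        if int(best.get("accuracy", "0")) < MIN_ACCURACY:
            verdicts[ip] = "unknown"  # low-confidence guess, needs a manual check
            continue
        classes = best.findall("osclass")
        ok = any(c.get("osfamily") == family and c.get("osgen") == gen for c in classes)
        verdicts[ip] = "approved" if ok else "unauthorized"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_hosts(SAMPLE_XML).items():
        print(ip, verdict)
```

Hosts that land in "unknown" are the ones a well-secured or filtered machine would produce, so they need follow-up by other means rather than being counted as compliant.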
