Workstation Security Tools
IT uses a variety of tools to scan for and repair security vulnerabilities on campus rollout PCs. Here are some of the primary utilities we use to help secure these workstations on the network. General details on Windows security are available at Microsoft's Security Updates page.
Nessus is a tool that scans each computer on the network and checks for numerous possible security vulnerabilities. The data is parsed into SQL and Help Desk staff visit and repair vulnerable computers. Details on Nessus are available at the Nessus web site.
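The scan-to-SQL step described above, sketched as an added example (not IT's own code): it assumes the scanner's `.nessus` v2 XML export and a SQLite database, and the table layout, function names, host names and plugin entries are all constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus v2 XML layout (hosts and findings are made up).
SAMPLE_REPORT = """<NessusClientData_v2><Report name="constructed-sample">
<ReportHost name="lab-pc-01">
  <ReportItem port="445" protocol="tcp" severity="3" pluginID="900001" pluginName="Constructed: missing Windows patch"/>
  <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Constructed: scan information"/>
</ReportHost>
<ReportHost name="lab-pc-02">
  <ReportItem port="3389" protocol="tcp" severity="2" pluginID="900003" pluginName="Constructed: weak remote access setting"/>
  <ReportItem port="445" protocol="tcp" severity="3" pluginID="900001" pluginName="Constructed: missing Windows patch"/>
  <ReportItem port="139" protocol="tcp" severity="4" pluginID="900004" pluginName="Constructed: critical service flaw"/>
</ReportHost>
</Report></NessusClientData_v2>"""

def load_findings(xml_text, conn):
    """Store one row per ReportItem; return the total number of rows in the table."""
    conn.execute("""CREATE TABLE IF NOT EXISTS findings (
        host TEXT NOT NULL, port INTEGER, protocol TEXT,
        severity INTEGER NOT NULL, plugin_id INTEGER NOT NULL, plugin_name TEXT,
        UNIQUE (host, port, protocol, plugin_id))""")
    rows = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            rows.append((host.get("name"), int(item.get("port", 0)),
                         item.get("protocol"), int(item.get("severity", 0)),
                         int(item.get("pluginID")), item.get("pluginName")))
    # Parameterized insert: scan output is untrusted text, never spliced into SQL.
    # INSERT OR IGNORE keeps a re-imported report from duplicating findings.
    conn.executemany("INSERT OR IGNORE INTO findings VALUES (?,?,?,?,?,?)", rows)
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM findings").fetchone()[0]

def visit_list(conn, min_severity=2):
    """Hosts with findings at or above min_severity, worst host first."""
    return conn.execute("""SELECT host, MAX(severity), COUNT(*) FROM findings
        WHERE severity >= ? GROUP BY host
        ORDER BY MAX(severity) DESC, COUNT(*) DESC""", (min_severity,)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_findings(SAMPLE_REPORT, db), "findings stored")
    for host, worst, count in visit_list(db):
        print(f"{host}: worst severity {worst}, {count} finding(s) to fix")
```

The severity column follows the v2 scale of 0 (informational) to 4 (critical), so the default threshold of 2 leaves informational and low findings off the visit list.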
Update Expert is a tool for installing Windows patches on computers through the network. Update Expert allows us to test patches before releasing them to campus. It also allows us to release large patches to blocks of computers to avoid resource conflicts on the network. Details on Update Expert are available at the Update Expert web site.
SUS (Software Update Services) allows us to redirect the Windows Update feature from Microsoft's default servers to our own campus server. This allows us to customize the scheduling of patch installation. It works in conjunction with Update Expert to allow us to test patches on computers before campuswide release. Details are available at Microsoft's Software Update page.
In addition to these commercial products, we created a custom security template that we apply through Active Directory. A security template is a group of security settings that is applied to groups of computers. These settings include rules for local user accounts, restrictions to prevent certain programs from running, and tighter controls on how computers can be accessed through the network. The template was created based on the Guide to Securing Microsoft Windows XP from the National Security Agency. Details are available at NSA's Security Configuration Guides page.