[unisog] Network Access systems?

Matt Ashfield mda at unb.ca
Tue Nov 22 15:19:12 GMT 2005

Thanks for the replies. I definitely have some good starting points.


As a follow-up question to those who HAVE implemented some form of these
systems, how are your users authenticated? Do they all need a client? Are
they using certificates? We'd like to get to a username/password
authentication (using 802.1x) scheme, but have run into the "clients" issue.
Windows has built-in clients for it, but unfortunately many of our Windows
users log into Novell first, which does not have 802.1x support. 


Thanks for the feedback



mda at unb.ca



-----Original Message-----
From: Simon Kissler [mailto:Simon.Kissler at valpo.edu] 
Sent: November 19, 2005 3:48 PM
To: mda at unb.ca; UNIversity Security Operations Group
Subject: Re: [unisog] Network Access systems?



We've just deployed Cisco Clean Access at the beginning of this semester and
are overall very satisfied with it. It has a small number of (to-be-expected
in any new implementation) quirks that we had to iron out, but we have been
mostly quite impressed with the product. We are a Cisco shop (not
exclusively, but we have about 40% Cisco elements in our network).

The implementation has cut down on the number of ill-maintained machines and
with it the resulting service calls for virus infection and other related
security incidents. It has also uncovered how few people were heeding our
policy to keep their systems updated. This was our primary aim in investing
in CCA. We have found that with its implementation we have also gained a
better view of usage patterns on our network and are using that information
now for strategic planning as well as short-term resource allocation. 

One thing that has been impressive in our experience has been the
responsiveness and quality of answers received from Cisco's support team for
this product as well as the usefulness of the user community through the
mailing list already mentioned.


Matt Ashfield wrote: 

We're in the process of researching our options as far as Network Access
systems go. Specifically, products like Bradford Campus Manager,
StillSecure, Sygate, Cisco CleanAccess (although we're not a Cisco shop, so
probably not) or other variations.
We're looking for a system that can clean/scrub/quarantine bad machines and
do such a check on a regular basis. If it could be coupled with some form of
authentication, that would be a bonus.
I'm just wondering if anyone out there has any experience with these
products on their campus, and if so, what have been the results so far.
Matt Ashfield
mda at unb.ca 