[unisog] Network Access Control

McNabb, Jim jmcnabb at truman.edu
Mon Oct 17 17:16:44 GMT 2005

At Truman State University we also implemented Cisco Clean Access for
all our residence halls this fall.  It's worked pretty well, but there
are some steep learning curves; especially for the users.

Many of our students didn't realize how often antivirus definitions
changed or Windows updates were released.  We initially had a lot of
calls from users who insisted Clean Access was wrong because they
updated their system yesterday and Clean Access was forcing them to
update their PC again today.

People also had a hard time grasping that Clean Access itself isn't an
antivirus or anti-spyware package; it itself doesn't stop hostile
activity.  Clean Access is only used to enforce University policies; all
Windows updates must be installed, an antivirus package must be
installed etc.

Some of our IT folks had trouble with grasping these concepts too.  

Clean Access isn't a "magic bullet" that's going to fix all the
problems; there will still be issues, but Clean Access will help keep
them down to manageable levels.

Setting user expectations properly (and often) is important.

	Jim M

Jim McNabb, Network Manager
Truman State University
100 East Normal - MC 107
Kirksville MO  63501

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Eric Weakland
Sent: Monday, October 17, 2005 11:12 AM
To: unisog at lists.sans.org
Subject: [unisog] Network Access Control

I am interested in learning how many other schools are using Cisco Clean

Access product to require a  minimum level of standards for virus 
protection, antispyware, OS and application patches/updates?  How many
using another product?

I am hoping to pull together some quick facts to inform one of our
governing bodies, who believes that other large universities are not 
requiring such security standards on their networks. 

At American University, we implemented CCA within our residence halls
Fall.  Already, we have seen dramatic results; virus and spyware 
infections have dropped by 40% campuswide.  We plan to roll out CCA to
faculty and staff within 2006, but are getting some resistance from 

Your information will help to educate them, that we are all facing
challenges.  Thank you, and I am happy to share my results of this quick


Eric Weakland, CISSP
Director, Network Security
Office of Information Technology (IT)
American University
eric at american.edu
unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list