[unisog] Network Access Control

Zachary Spalding Zachary.Spalding at Marist.edu
Mon Oct 17 17:55:51 GMT 2005


Eric,

While Marist is not using the CCA product we do have a very similar  
system in place that was home grown.  I developed our current  
solution in the fall of 2003 to deal with the virus/patch issue for  
the students; it was later expanded to the faculty/staff population  
in the spring of 2004.  At the moment we require any computer  
accessing the campus network to have certain critical patches  
installed for network access.  At the moment we also require it of  
guest accessing the network but I am looking into lacking that policy  
and placing guest in a very restrictive VLAN instead.  This fall we  
also require all students to run a copy of McAfee Antivirus that we  
purchased for the campus, students that do not run our version of  
McAfee will not be permitted on the network.  We also have an idle  
policy that if your machine has not been seen on the network for  
several days you must go through the registration process to make  
sure you are still secure.  But I am currently looking at replacing  
are current system with CCA or possibly the NAC framework depending  
on how that product develops.



Zachary Spalding            Zachary.Spalding at Marist.edu
Network Security Analyst        Phone: (845)575-3175
Information Technology
Marist College



On Oct 17, 2005, at 12:12 PM, Eric Weakland wrote:

> I am interested in learning how many other schools are using Cisco  
> Clean
> Access product to require a  minimum level of standards for virus
> protection, antispyware, OS and application patches/updates?  How  
> many are
> using another product?
>
> I am hoping to pull together some quick facts to inform one of our  
> faculty
> governing bodies, who believes that other large universities are not
> requiring such security standards on their networks.
>
> At American University, we implemented CCA within our residence  
> halls this
> Fall.  Already, we have seen dramatic results; virus and spyware
> infections have dropped by 40% campuswide.  We plan to roll out CCA  
> to our
> faculty and staff within 2006, but are getting some resistance from
> faculty.
>
> Your information will help to educate them, that we are all facing  
> similar
> challenges.  Thank you, and I am happy to share my results of this  
> quick
> survey.
>
> Eric Weakland, CISSP
> Director, Network Security
> Office of Information Technology (IT)
> American University
> eric at american.edu
> 202.885.2241
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>



More information about the unisog mailing list