Re: NAC devices - opinions sought

["Walter E. Petruska" <wpetruska () USFCA EDU>]

USF implemented Cisco NAC (CCA) beginning about 7 months ago.  So far,
so good- although getting support for foreign language versions of OS
and A/V has left us challenged on more than one occasion.

We're implementing the product slowly, with our ResNet being the first
target.  We're doing two floors of two ResHalls at a time- so that we
can have the Help Desk and Computer Support folks focus on the impact as
it hits the users.  By the end of this year, we'll have all the ResNet
connections behind the product. Like others, I can't imagine NOT having
this product or another solution in place.  The sheer quantity of 'crud'
that students have removed from their computers is astonishing.

We're also implementing a pilot to place USF Wireless network behind the
Cisco NAC, to facilitate authentication, cleaning and monitoring of our
wireless computing devices.  Being an open, urban campus, we've got MANY
folks coming and going- and we'd like to see their computers cleaned up
and secure as well.

Walter Petruska

Information Security Officer

University of San Francisco

 

________________________________

From: David Boyer [mailto:David () BVU EDU] 
Sent: Friday, February 16, 2007 2:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] NAC devices - opinions sought

 

Anyone familiar with Ciscos Network Admission Control (formerly Cisco
Clean Access, formerly Perfigo), Juniper Infranet, Symantec Network
Access Control or similar software/appliances?

 

Like many schools, we have a 1:1 ration of computers to students. We'd
like to avoid letting vulnerable or malware-infected systems onto our
network while simultaneously addressing the infection or vulnerability.
Almost all of our systems are running Windows XP or Windows 2000.

 

I'd be interested in hearing about your experiences with these or
similar solutions. Any open-source solutions that you know of?

 

Thanks in advance,

 

David Boyer

Buena Vista University