[SECURITY]

[Kevin Wilcox <wilcoxkm () APPSTATE EDU>]

Disclaimer: my comments are not reflective of the views of my
employer, department or, to my knowledge, anyone but myself

On Fri, Mar 11, 2011 at 2:03 PM, Valdis Kletnieks
<Valdis.Kletnieks () vt edu> wrote:

> On Fri, 11 Mar 2011 18:45:14 GMT, Russ Leathe said:

> > Do you maintain a NAC? We prevent certain users from accessing our network
> > if the have xyz app loaded on their PC.

> Do you check if the XYZ app is actually running, or merely installed?  It would
> suck for the user to be denied access because they have Connectify  (or
> whatever) installed because they use it at some *other* location.

Or because they have QEmu, VMWare Player, VMWare Fusion, Parallels,
VMWare Server, HyperV or a host of others installed (because they can
all accomplish the same thing, it's just a few more steps). Or because
they're running any of the BSDs or Linux with ifconfig, su access and
a supported wireless card, because that's really all it takes to offer
wireless. Or, for that matter, because they couldn't afford a MS
Windows license for the laptop they bought with no OS and your NAC
doesn't run on their FreeBSD installation or on their recently patched
Linux install.

Obviously I am not a big fan of NAC for students...selective
faculty/staff cases, sure, but I'm not sold on the "benefits" of a
campus-wide deployment.

kmw

-- 
Kevin Wilcox GPEN, GCIH
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259