Educause Security Discussion mailing list archives

Re: Cisco Clean Access & Impulse Point...


From: "Atif Azim (atif)" <atif () CISCO COM>
Date: Mon, 18 Jul 2005 20:45:11 -0700

Here at the Cisco Clean Access team, we were concerned to hear recent
comments on functionality, perceived longevity of the Clean Access
product (formerly Perfigo CleanMachines) and Cisco's maintenance fees.
 
Cisco Clean Access (CCA), also known as the NAC Appliance, is an
integral part of the Cisco Network Admission Control (NAC) initiative
and we will continue to expand the options and choices available to our
customers.
 
New Features
 
Since the acquisition, we've introduced the out-of-band deployment
option, Layer 3 support, VPN/remote user support, and special licensing
for smaller deployments.  We have also added support for over 50
anti-virus products (and growing) in the preconfigured Clean Access
checks to address multi-AV product requirements in campuses.
 
http://newsroom.cisco.com/dlls/2005/prod_042505.html
 
http://newsroom.cisco.com/dlls/2005/prod_071105.html
 
Upcoming Features
 
This fall, we will introduce an appliance offering that enhances our
existing software product line. We will also be adding built-in support
for spyware blockers and personal firewalls similar to the existing AV
support.
 
Maintenance and Support
 
We understand your concerns. Support hours are now priced for 7 * 24
access, and additionally you will see a program that addresses the
increase in maintenance costs for contracts that pre-date the
acquisition.
 
Please know that we're continuing to work for you, and we value your
feedback. 
 
Regards,
 
Atif Azim
Cisco Clean Access

________________________________

From: Dave Koontz [mailto:dkoontz () MBC EDU] 
Sent: Sunday, July 17, 2005 12:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point...


I am also curious about their pricing model as well.
 
Since Cisco took over Perfigo, our annual maintenance fee went up over
400%!  To add salt to the wound, they also completely removed the VPN
client and functionality from the device in favor of their own VPN
Concentrator... at of course significantly higher fees.  We used this
feature for our Wireless clients.
 
I believe Cisco only purchased Perfigo because of their market
penetration.  In the several talks with our Cisco sales and tech reps,
it seems pretty clear that Cisco has no real vision of this product in
their future, it is only a stepping stone to get everyone converted to
their more costly NCA product line... which is not only more expensive
but also requires Cisco switches end-to-end.  We looked at Cisco's
Security Agent before purchasing Perfigo... not only did it not do
everything we needed, but had a cost of over $80 per student.  Their
purchase of Perfigo seems only to be a way for Cisco to come back and
force colleges to pay their outrageous fees and to squash any cheaper
competition... ala Microsoft tactics.
 
We have now resigned ourselves to find another solution... and perhaps
Impulse or another vendor is our ticket.  If anyone has other solutions
they are using, please let me know.

________________________________

From: Schmitt, Dianne [mailto:dschmitt () JJC EDU] 
Sent: Friday, July 15, 2005 5:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point...



What pricing do they offer, better than Clean Access?

 

Dianne Schmitt
Assoc VP Information Technology
Joliet Junior College
1215 Houbolt Rd.
Joliet, IL 60431-8938

Phone:  815.280.6641
Fax:  815.280.2668

________________________________

From: Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU] 
Sent: Thursday, July 14, 2005 4:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point...

 

We're looking at implementing Impulse's device. We looked at the Bradford
Campus Manager, which has great functionality. However, Impulse Point
also has great functionality that is similar to the Campus Manager
coupled with a good price point. I'd be interested also in knowing
others' experiences with Impulse Point.

 

Aaron M Gibbs 
Interim Vice President/CIO 
Center for Information Technology 
St. Augustine's College 
919-516-4379 (Office) 
919-516-4382 (Fax) 
amgibbs () st-aug edu 
www.st-aug.edu 

        -----Original Message-----
        From: Michael Cole [mailto:mcole () CLARKU EDU]
        Sent: Thursday, July 14, 2005 3:58 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point...

        FYI for the list:

         

        We've been using a product called Campus Manager for the past
        few years from Bradford Networks, www.bradfordnetworks.com. They're a
        small start up in NH but they've been growing and have an awesome
        product that sits off line and is very flexible in what it can do based
        on what you want/need.  It does both network registration and
        remediation/quarantine functions.  It's worth looking into if you're
        looking for a solution.  We've been very happy with it.

         

        Mike

         

        Michael A. Cole 
        Network Engineer, Information Technology Services 
        Clark University, Worcester MA  01610 
        508.793.7772 
        Mcole () clarku edu 

                -----Original Message-----
                From: Mark Staples [mailto:mstaples () MAIL MCG EDU]
                Sent: Thursday, July 14, 2005 3:41 PM
                To: SECURITY () LISTSERV EDUCAUSE EDU
                Subject: [SECURITY] Cisco Clean Access & Impulse Point...

                Anyone pilot both CCA and Impulse Point
                (http://www.impulse.com/)?  Impulse Point was designed for
                higher ed and is priced very attractively.  So far, we've only
                seen presentations and nothing live.

                Any feedback would be great.

                 

                Mark

                 

                -----
                Mark Staples
                Director of Information Security/Chief Information Security Officer
                IT Research Liaison
                Medical College of Georgia
                Office: 706-721-1577
                mstaples () mcg edu

                 


                
                >>> franklin () TXSTATE EDU 07/14/05 3:13 PM >>>

                This is a response from our network lead who implemented CCA a
                month or so ago:

                I got tired of trying to keep up with the IPs used for windows
                update. Using the host names is much better, but even then it's
                a moving target. Microsoft sometimes adds new sub domains and in
                the latest version of the update page it's a url under
                microsoft.com.

                We are allowing traffic to everything ending in microsoft.com
                and g.msn.com. That way the updates always work (so far) and
                students can search for and download patches manually. There are
                cases when windows update claims that a machine is fully patched
                but it is still missing something. The helpdesk can tell what's
                missing from the reports and the student can search for KBxxxx
                and download and install it manually.
                
                Anders Engle
                Systems Programmer I
                Texas State University
                
                -----Original Message-----
                From: Flagg, Martin D. [mailto:FlaggMD () HIRAM EDU]
                Sent: Thursday, July 14, 2005 1:13 PM
                To: SECURITY () LISTSERV EDUCAUSE EDU
                Subject: [SECURITY] Windows Updates and Cisco Clean Access
                
                
                We are implementing Cisco Clean Access (formerly Perfigo).  It
                has gone really well but we keep coming up with problems with
                Windows Update, it fails because CCA is blocking the IP.  When
                this happens, I use a sniffer and add the new IP address that
                Microsoft is using and then it works, until they change
                addresses again.  Cisco says use the Host setting allowing
                requests that end in "update.microsoft.com".  This does not
                always work.

                I am really at a loss because it works for 95% of the machines
                but I can not afford to have 5% of the students in my office
                when they get back from the summer.
                
                Any Ideas?
                
                Martin Flagg
                Hiram College  
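
The host-suffix rules from the Windows Update messages in this thread, as an added example that is not part of the original thread or of Cisco Clean Access: it compares a label-boundary match with a plain string "ends in" test for both rule sets. The sample hostnames and function names are constructed for illustration, and how the appliance itself interprets "ends in" is not stated in the thread.

```python
"""Host allow-list matching for a quarantine role (added illustration)."""

# Suffixes named in the thread: the rule Cisco suggested and the broader
# rule Texas State describes using.
NARROW_RULE = ("update.microsoft.com",)
BROAD_RULE = ("microsoft.com", "g.msn.com")

# Illustrative hostnames constructed for this example; not an authoritative
# list of Windows Update endpoints.
SAMPLE_HOSTS = [
    "update.microsoft.com",
    "v4.windowsupdate.microsoft.com",
    "download.microsoft.com",
    "WWW.Microsoft.COM.",          # mixed case, trailing root dot
    "g.msn.com",
    "examplemicrosoft.com",        # shares the string, different domain
    "microsoft.com.example.net",   # suffix appears mid-name only
]

def normalize(host):
    """Lower-case the name and drop surrounding space and the root dot."""
    return host.strip().lower().rstrip(".")

def host_allowed(host, suffixes):
    """True if host equals a suffix or is a subdomain of one (label boundary)."""
    name = normalize(host)
    return any(name == s or name.endswith("." + s) for s in suffixes)

def string_suffix_allowed(host, suffixes):
    """Plain 'ends in' string test, with no label-boundary check."""
    return normalize(host).endswith(tuple(suffixes))

def audit(hosts, suffixes):
    """Split hosts into allowed, blocked, and those only the string test admits."""
    report = {"allowed": [], "blocked": [], "string_match_only": []}
    for h in hosts:
        if host_allowed(h, suffixes):
            report["allowed"].append(h)
        elif string_suffix_allowed(h, suffixes):
            report["string_match_only"].append(h)
        else:
            report["blocked"].append(h)
    return report

if __name__ == "__main__":
    for label, rule in (("narrow", NARROW_RULE), ("broad", BROAD_RULE)):
        print(label, audit(SAMPLE_HOSTS, rule))
```

Hosts reported under `string_match_only` are the ones whose treatment depends on how the filter interprets "ends in", so they are worth testing against the actual device before the rule goes live.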

