Educause Security Discussion mailing list archives
Re: Cisco Clean Access & Impulse Point...
From: Dave Koontz <dkoontz () MBC EDU>
Date: Tue, 19 Jul 2005 13:10:09 -0400
Thanks for taking time to post a reply both here and another to me personally. It does make me feel a little better, however I think it also highlights what someone else here posted... Cisco's people don't seem to know anything about this product nor the direction it is heading. I will respond with my issues to you directly off list. _____ From: Atif Azim (atif) [mailto:atif () CISCO COM] Sent: Monday, July 18, 2005 11:45 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... Here at the Cisco Clean Access team, we were concerned to hear recent comments on functionality, perceived longevity of the Clean Access product (formerly Perfigo CleanMachines) and Cisco's maintenance fees. Cisco Clean Access (CCA), also known as the NAC Appliance, is an integral part of the Cisco Network Admission Control (NAC) initiative and we will continue to expand the options and choices available to our customers. New Features Since the acquisition, we've introduced the out-of-band deployment option, Layer 3 support, VPN/remote user support, and special licensing for smaller deployments. We have also added support for over 50 anti-virus products (and growing) in the preconfigured Clean Access checks to address multi- AV product requirements in campuses. http://newsroom.cisco.com/dlls/2005/prod_042505.html http://newsroom.cisco.com/dlls/2005/prod_071105.html Upcoming Features This fall, we will introduce an appliance offering that enhances our existing software product line. We will also be adding built-in support for spyware blockers and personal firewalls similar to the existing AV support. Maintenance and Support We understand your concerns, support hours are now priced for 7 * 24 access and additionally you will see a program that addresses the increase in maintenance costs for contracts that pre-date the acquisition. Please know that we're continuing to work for you, and we value your feedback. Regards, Atif Azim Cisco Clean Access _____ From: Dave Koontz [mailto:dkoontz () MBC EDU] Sent: Sunday, July 17, 2005 12:27 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... I am also curious about their pricing model as well. Since Cisco took over Perfigo, our annual maintenance fee went up over 400%! To add salt to the wound, they also completely removed the VPN client and functionality from the device in favor of their own VPN Concentrator... at of course significantly higher fees. We used this feature for our Wireless clients. I believe Cisco only purchased Perfigo because of their market penetration. In the several talks with our Cisco sales and tech reps, it seems pretty clear that Cisco has no real vision of this product in their future, it is only a stepping stone to get everyone converted to their more costly NCA product line... which is not only more expensive but also requires Cisco switches end-to-end. We looked at Cisco's Security Agent before purchasing Perfigo... not only did it not do everything we needed, but had a cost of over $80 per student. Their purchase of Perfigo seems only to be a way for Cisco to come back and force colleges to pay their outrageous fees and to squash any cheaper competition... ala Microsoft tactics. We have now resigned ourselves to find another solution.. .and perhaps Impulse or another vendor is our ticket. If anyone has other solutions they are using, please let me know. _____ From: Schmitt, Dianne [mailto:dschmitt () JJC EDU] Sent: Friday, July 15, 2005 5:43 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... What pricing do they offer, better than Clean Access? Dianne Schmitt Assoc VP Information Technology Joliet Junior College 1215 Houbolt Rd. Joliet, IL 60431-8938 Phone: 815.280.6641 Fax: 815.280.2668 _____ From: Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU] Sent: Thursday, July 14, 2005 4:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... We're looking at implementing Impulses device. We looked at the Bradford Campus Manager, which has great functionality. However, Impulse Point also has great functionality that is similar to the Campus Manager coupled with a good price point. I'd be interested also in knowing others experiences with Impulse Point. Aaron M Gibbs Interim Vice President/CIO Center for Information Technology St. Augustine's College 919-516-4379 (Office) 919-516-4382 (Fax) amgibbs () st-aug edu www.st-aug.edu -----Original Message----- From: Michael Cole [mailto:mcole () CLARKU EDU] Sent: Thursday, July 14, 2005 3:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... FYI for the list: We've been using a product called Campus Manager to the past few years from Bradford networks, www.bradfordnetworks.com they're a small start up in NH but they've been growing and have an awesome product that sits off line and is very flexible in what it can do based on what you want/need. It does both network registration and remediation/quarantine functions. It's worth looking into if your looking for a solution. We've been very happy with it. Mike Michael A. Cole Network Engineer, Information Technology Services Clark University, Worcester MA 01610 508.793.7772 Mcole () clarku edu -----Original Message----- From: Mark Staples [mailto:mstaples () MAIL MCG EDU] Sent: Thursday, July 14, 2005 3:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Cisco Clean Access & Impulse Point... Anyone pilot both CCA and Impulse Point (http://www.impulse.com/)? Impulse Point was designed for higher ed and is priced very attractively. So far, we've only seen presentations and nothing live. Any feedback would be great. Mark ----- Mark Staples Director of Information Security/Chief Information Security Officer IT Research Liaison Medical College of Georgia Office: 706-721-1577 mstaples () mcg edu -------- All information in the communication, including attachments, is strictly confidential and intended solely for delivery to the addressee(s) identified above (ie, To/cc/bc), and may contain privileged, confidential, proprietary and /or intellectual property entitled to protection from disclosure under applicable law. If you are not the intended recipient, please take note that any use, distribution or copying of this communication is unauthorized and may be unlawful. If you have received this communication in error, please notify the sender, delete this correspondence from your computer, and destroy any printed copies of this communication.
franklin () TXSTATE EDU 07/14/05 3:13 PM >>>
This is a response from our network lead who implemented CCA a month or so ago: I got tired of trying to keep up with the IP's used for windows update. Using the host names is much better, but even then it's a moving target. Microsoft sometimes adds new sub domains and in the latest version of the update page it's a url under microsoft.com. We are allowing traffic to everything ending in microsoft.com and g.msn.com. That way the updates always work (so far) and students can search for and download patches manually. There are cases when windows update claims that a machine is fully patched but it is still missing something. The helpdesk can tell what's missing from the reports and the student can search for KBxxxx and download and install it manually. Anders Engle Systems Programmer I Texas State University -----Original Message----- From: Flagg, Martin D. [mailto:FlaggMD () HIRAM EDU] <mailto:FlaggMD () HIRAM EDU%5d> Sent: Thursday, July 14, 2005 1:13 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Windows Updates and Cisco Clean Access We are implementing Cisco Clean Access (formally Perfigo). It has gone really well but we keep coming up with problems with Windows Update, it fails because CCA is blocking the IP. When this happens, I use a sniffer and add the new IP address that Microsoft is using and then it works, until they change address's again. Cisco says use the Host setting allowing requests that end in "update.microsoft.com". This does not always work. I am really at a loss because it works for 95% of the machines but I can not afford to have 5% of the students in my office when they get back from the summer. Any Ideas? Martin Flagg Hiram College
Current thread:
- Re: Cisco Clean Access & Impulse Point..., (continued)
- Re: Cisco Clean Access & Impulse Point... Michael Cole (Jul 14)
- Re: Cisco Clean Access & Impulse Point... Chris Boniforti - Lynn University (Jul 14)
- Re: Cisco Clean Access & Impulse Point... Chad McDonald (Jul 14)
- Re: Cisco Clean Access & Impulse Point... Gibbs, Aaron M. (Jul 14)
- Re: Cisco Clean Access & Impulse Point... Schmitt, Dianne (Jul 15)
- Re: Cisco Clean Access & Impulse Point... Dave Koontz (Jul 17)
- Re: Cisco Clean Access & Impulse Point... chad.mcdonald () gcsu edu (Jul 17)
- Re: Cisco Clean Access & Impulse Point... Michael Grinnell (Jul 18)
- Re: Cisco Clean Access & Impulse Point... Atif Azim (atif) (Jul 18)
- Re: Cisco Clean Access & Impulse Point... Gibbs, Aaron M. (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Dave Koontz (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Doug Sandford (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Lee Weers (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Chad McDonald (Jul 19)
- Re: Cisco Clean Access & Impulse Point... WILLIAM I. ARNOLD (Jul 20)
- Re: Cisco Clean Access & Impulse Point... George (Jul 20)
- Re: Cisco Clean Access & Impulse Point... John Stauffacher (Aug 26)