Message From CIO Lawrence Frederick
About The CIO
Faculty Resource Center
Google Apps for Higher Education
Student K Drive Migration
Instructional Support Services
Research Support and High Performance Computing
Technology Support Center
Video Technology Services
Starting in July of 2008 all devices connecting to the UMSL Computer Network must be registered through our Network Access Control System (NAC). NAC is an important part of network security. This system will give ITS a clear picture of the devices on the network and allow us to better control malicious events that may take place.
NAC is a system that inspects a computer before it is allowed on the regular network. It looks to see if the system meets our current security standards and has some basic security features like an up-to-date antivirus program. The first rollout was to the student residences in the fall of 2007. NAC is also used to control our wireless network "TritonNet".
In the past, we have experienced network outages and disruptions to classes because a user connected an infected/out-of-date laptop into our network. These systems will now be scanned and updated before they are allowed on our production network. NAC allows a user to patch and update their system to keep it secure and cut down on the downtime needed to take the system to the helpdesk.
The NAC system that we use is called Bradford Campus Manager. Here is how it works:
- When your system is first connected to the network it is automatically given an IP Address on a secure network.
- You then register your system by entering your SSO_ID and password. Information about the system is associated with your account.
- Your computer will then download and run a scan utility that looks at your operating system version (Windows or Mac), your antivirus software, and the patch level of your system (is is up-to-date?). Scans will be done regularly by the agent to ensure compliance.
- If your system passes the test, your computer is automatically switched to the production network and you can reboot the system and access the network.
- If your system fails, you will be directed to a page that has links to assist you in updating your system. You may need to go to microsoft and download and install updates. You may need to install and update your antivirus product. Because some Windows updates require a reboot, the system may have to be rebooted several times during the patching.
Frequently Asked Questions..........
Q. Will the NAC client software have any affect on my system?
A. No, this is a very small client that will not affect operations on your machine.
Q. Is any personal information or data sent to the NAC?
A. The only personal information that is sent to the NAC is your SSO_ID and Password and they are sent encrypted. The only other information sent deals with operating system and antivirus patches. No real personal information is sent.
Q. Why is this being done now?
A. We have been researching and testing tools for quite some time. A network access control system will greatly reduce the risk of worms and viruses getting on our campus network. It also allows us to account for our systems which is required for many of the legal and compliance issues we encounter.
Q. Do I need to register my home system for VPN?
A. No. We do not require home systems to be registered unless it is a laptop that you bring to campus. When you VPN in to campus, your system is put into a network that has limited access to system resources. The threat is not as big as if it is on campus. We are looking at a VPN netreg system for the future though.
Q. My system is not Windows or Apple based, how does this help me?
A.A Linux client will be released sometime in the future. For devices that do not have a client, which currently includes Linux and Mac OS 10.3.9, it helps us identify what is on our network and who is the responsible owner of that machine or device. This helps to identify possible issues of detecting machines that have been compromised. It also prevents any unauthorized machine or device from accessing the network.
Q. What about other 3rd party firewalls on my system?
The Bradford Agent will need to be allowed through your personal firewall. That is done differently on different personal firewalls. This is not a proble on the image supplied campus setup.