What is Cisco Clean Access? How can I access the network from my dorm room? |
If you are trying to setup a Playstation 2 or Xbox view this FAQ.
General Information
Q: What is Clean Access?
A:
Clean Access is a network security solution that will provide you with
a secure and clean network environment by preventing infected and
vulnerable machines in the residence halls from joining the
university’s network. At the same time, it will provide necessary
directions and help pages for machines that do not pass the security
requirements.
Q: Why are we introducing this solution now?
A:
The university is making every effort to make your network experience
productive and secure. In the past, students, through no fault of their
own in most cases, had difficulty dealing with virus infections and OS
vulnerabilities. It has been determined that the best way to prevent
this from happening again is to ensure that virus software and OS
critical updates and patches are current and maintained.
Q: Am I required to install any software on my computer?
A:
All Microsoft Windows computers are required to install the Clean
Access Agent client software to connect to the university residence
hall network. You will also be required to install Microsoft critical
OS updates and patches.
Q: What is Clean Access Agent, and what requirements does it check in order to successfully connect to the network?
A:
Clean Access Agent is a client application that will check certain
security settings on your Microsoft Windows PC to make sure that your
system is up-to-date with required security patches and report this
status to the server. No information about you is sent to the server.
You must use Clean Access Agent for your Microsoft Windows PC in order
to authenticate and use the university network. Current required
security settings include: Turning on Automatic Updates, OS service
pack level, and critical OS updates and patches.
Validation Process
Q: What is validation?
A: The process of confirming that certain security measures are in place on your computer.
Q: How Does Validation Work?
A:
The validation solution will “intercept” any Internet browser access
and redirect the user to a web page that instructs the user to download
and install the validation client known as “Clean Access Agent”. Once
launched, the client downloads the validation rules and processes
these. If the workstation fails the test, it is allowed Internet access
only to the remediation sites for 60 minutes.
Q: What Networks Require Validation?
A: Validation is required only if students are connecting to the network from the Residence Halls.
Q: What Validation Checks are Being Performed?
A: ResNet machines are required to meet the following criteria:
- Have the current Critical Updates & Hot Fixes
- Have turned on Automatic Updates feature for Microsoft Windows on your machine
- Have installed some form of AntiVirus Software
Note: Nessus scans are performed on Linux and Macintosh machines for known vulnerabilities. In the near future we will be checking for current anti-virus definitions
Q: How Long Does the Validation Check Take?
A: In general, the checks take between 15 and 30 seconds.
Q: How Does Validation Work for Microsoft Users?
A:
All Microsoft Windows computers are required to install the Clean
Access Agent client software to connect to the university network. You
will also be required to install Microsoft critical OS patches and
updates.
Q: How Does Validation Work for Linux, Macintosh and Non-Windows Users?
A:
Linux, Macintosh and Non-Windows users must authenticate by logging in
via a web page. The only validation check (performed in the background)
for Linux, Macintosh and Non-Windows systems at this time is the Nessus
scan. There is no client needed for Linux, Macintosh and Non-Windows
systems.
Q: What am I allowed to access when Unauthenticated or Quarantined?
A: For the most part, remediation and help sites such as windowsupdate.microsoft.com are available to access.
Other sites will be available, however links will be provided if it is recommended that you visit such sites.
Q: What Remediation is Available?
A:
If a user’s systems fails authentication, the user is instructed to
provide the correct university network username and password. If the
user does not have or has forgotten his/her password, he/she is
instructed to contact the helpdesk at x5405.
Q: What happens when a new patch or updates are available?
A:
As new critical Microsoft updates become available, the security
requirements will be updated to reflect the new patches. Typically, we
will not immediately set the validation check for the new patches, but
allow some time (typically a week) for people to update their systems
in due course. If a vulnerability is reported or the threat of a virus
storm or worm attack emerges, we will update the validation check
immediately in reaction to the threat.
Login / Logoff Process
Q: When and how often do I have to login?
A:
You will be logged off the network automatically if you become
disconnected from the network for 15 minutes or longer. For example, if
you shut down your machine for more than 15 minutes, you will be
required to re-authenticate and re-validate to regain network access.
The first time you access the network may take additional time, please
be patient.
Q: How will I know when I am logged out of the network?
A:
If you choose “logout” from Clean Access Agent or your browser, you
expire your login session. Other indications that your network
connection has been terminated are:
- Email may fail to send or receive;
- Instant messaging fails or suddenly stops working;
- File downloads may suddenly stop;
- Browser may be redirected to login page.
Q:
Each time I try to use my computer to access the internet, my browser
tells me that I need to login. Do I have to login frequently?
A:
Many computers are configured to “sleep” when not in use, if your
computer is set this way, you will be logged off the network and must
authenticate to regain access each time your computer “sleeps” more
than 15 minutes.
Q: How do I tell if I am already logged in?
A: The best way is to try to go to an internet site. In most cases, if you are able to access a site such as www.ashland.edu or www.google.com, you are online and logged in.
Q: How do I check to see if I have a valid IP address?
A: Complete following steps:
- Go to the Start menu and click on "Run"
- Type cmd, and click "OK"
- At the prompt, type ipconfig
All Computers connected to the ResNet will have an IP starting with 172.17.x.x
Q: What IP address should I expect?
A: Each student computer should get an IP address that is similar to the following:
- IP Address: 172.17.XXX.XXX
- Subnet Mask: 255.255.255.252
Q: How do I logout?
A:
Currently, the only way to manually logout is to use the Clean Access
Agent “logout” feature. Right-click the Clean Access Agent icon in the
system tray and choose logout. The Clean Access Agent icon appears in
the system tray.
Q: How do I tell if I am Quarantined/Unauthenticated?
A: The best way is to try to go to an internet site. In most cases, if you are UNABLE to access an external site, such as www.ashland.edu or, www.google.com, you are unauthenticated or might be Quarantined (the Clean Access Agent should indicate this status).
Q: I use a personal firewall; will this cause a problem?
A:
Usually no. In most cases, a personal firewall will work fine.
Depending upon the firewall product you will receive several pop-up
windows requesting “ok to proceed”. Some of the personal firewalls are:
- Windows XP
- BlackIce
- Zone Alarm
- Sygate
Troubleshooting Tips:
Q: I cannot access the login page. I get the redirection page but then my browser gives an error and stops.
A:
Generally, this is caused by an encryption (SSL) problem with your
browser. Encryption is required for authentication to complete. Try
another browser if you are unable to correct the problem with the first
browser. (IE -> Netscape; Netscape -> IE). Usually, Netscape has
fewer encryption problems (www.netscape.com).
Q: I am unable to ping the default gateway address; shouldn’t I be able to do this?
A:
No, you will not be able to ping the default gateway. This is normal.
Until you are completely logged in, you will not be able to ping any
address.
Q: What am I allowed to access when Unauthenticated or Quarantined?
A: For the most part, remediation and help sites such as windowsupdate.microsoft.com.
Q: I’m on a Macintosh or Linux machine. I’ve opened my browser but I am not redirected to a login page. What do I do?
A: You must try to go to a non-local site such as www.google.com.
Q:
I’m on a Windows machine. Sometimes I can login using the web page and
at other times, the web page tells me that I must use Clean Access
Agent, why?
A: It depends on when the last time your
computer was “validated” to the network. You can always use the Clean
Access Agent client.
Q: I am able to access the internet but the Clean Access Agent still allows me to “login”. Am I logged in?
A: Yes, the Clean Access Agent may not always detect your network status. If you can access normal internet sites such as www.ashland.edu or, www.google.com, then you are authenticated.
Q: I am not able to access the internet and the Clean Access Agent only allows me to “logout”. What’s going on?
A: The Clean Access Agent may not always detect your network status. Please choose “logout” and then choose “login”.
Q: How do I logout?
A:
Currently, the only way to manually logout is to use the Clean Access
Agent “logout” feature. Right-click the Clean Access Agent icon in the
system tray and choose logout. The Clean Access Agent icon appears in
the system tray:
Q: I do not have a “logout” option in Clean Access Agent.
A:
The Clean Access Agent does not always detect your network status. Once
you login through the Clean Access Agent, you will have the “logout”
feature.
Q: Can I update Windows before I login?
A:
Yes, you should be able to go to windowsupdate.microsoft.com. You may
not be able to use the direct link in your browser on your desktop.
This is normal.
Q: When I run Windows Update, I get a message stating that the product key used to install windows is invalid?
A:
Windows Update will fail if your Windows OS is not properly licensed.
You must have a legal copy of the operating system to connect to the
university network.
Q: Do I have to use the Clean Access Agent client?
A: Yes. All Windows PCs are required to use Clean Access Agent for network access.
Q: What happens if I uninstall the Clean Access Agent client?
A: You will be required to reinstall the client to re-authenticate when your login expires.
Q:
The Clean Access Agent client does not offer a “login,” just a
“logout,” and the web page tells me that I must now use Clean Access
Agent to login; what do I do?
A: The Clean Access Agent
does not always detect your network status. Please choose “logout”, and
then you will have the “login” feature.
Q: I keep trying to install the Clean Access Agent but it tells me that I can either Modify/Repair or Remove the program.
A: Clean Access Agent is currently installed on your machine. You do not need to install it again.
Q: How do I know Clean Access Agent is running?
A:
Look in the “System Tray” for in the lower right corner near the time
display. You may need to select the “<<“to expand the list and
show Clean Access Agent.
Q: I do not see the Clean Access Agent icon in my system tray; what do I do?
A: There are a few possibilities:
- Clean Access Agent has not been installed. -> Please install Clean Access Agent to continue.
- Clean Access Agent has been installed but you did not select “Launch” at the end of the installation. -> From the “Start” menu, then “Programs”, then “Clean Access”, then “Clean Access Agent”, then “Clean Access Agent” to launch the program.
- Clean Access Agent is “hidden” in the Systray. -> Please click on “<<“ to expand the system tray list and show Clean Access Agent, then login.
- Your computer has a problem showing Systray icons. -> You may be able to use “Task manager” to halt Clean Access Agent and then launch it again.
- Clean Access Agent is installed but not running. -> From the “Start” menu, then “Programs”, then “Clean Access”, then “Clean Access Agent”, then “Clean Access Agent” to launch the program.
Q: Microsoft Windows Patch Failure.
A:
If the user’s system fails the check for current critical OS patches,
the user is instructed to click on the URL for the Microsoft Windows
update site and follow the instructions. Additionally, the user is
provided the option to download a program that can assist in
configuration of Microsoft Windows Automatic Updates.
Q: What About Xboxes, PlayStations, etc.?
A: To find out how to set-up an Xbox or a Playstation, click here.
Key Terms
Network Access Procedure: The process of authentication and validation of your computer required for university network access.
Authentication: The process of verifying your access to the network by confirming your username and password and associating it with your computer.
Validation: The process of confirming that certain security measures are in place on your computer.
Client: A software program that describes the actions that are to be carried out by your computer.
Quarantine: A place on the network that has restricted access, where infected machines reside until they are cleaned.
Nessus Scans: A comprehensive vulnerability scanning program used by the server to scan machines against known vulnerabilities. The process is transparent to the end-user, nor is anything installed on the end-users machine.
Some of the contents of this FAQ have been taken from Georgia Southern University, Liberty University, and Western Connecticut State University