Frequently Asked Questions
Key Terms
Network Access Process: The process of authentication and validation of your computer required for network access.
Authentication: The process of verifying your access to the network by confirming your username and password and associating it with your computer.
Validation: The process of confirming that certain security measures are in place on your computer.
Q: How does the Network Authentication and Validation system work?
A: The new computer security system performs the following functions:
- Requires authentication to the network.
- Validates whether the system connecting to the network meets the minimum security standards.
- Quarantines the system until it meets the minimum security standards.
- Provides access to the remediation sites.
- Once the system is validated as “clean,” allows access to the network.
Q: Why Are We Introducing this Solution Now?
A: Over 31 worms rated medium or higher (Blaster, Nachi, Netsky, Sobig) infected computer systems during the first 6 months of 2005. We did not have a solution that could effectively quarantine systems until proven “clean”; thus, many unprotected systems became infected as soon as they were physically plugged into the network. Investigation into the causes of these problems determined that the best way to prevent this from happening again is to ensure that anti-virus software and critical OS updates/patches are current and maintained.
Users who did connect systems that were current with both OS patches and anti-virus software also suffered delays in Internet and other network access due to the excessive traffic caused by the infected machines.
Q: How Does Validation Work?
A: The validation solution will “trap” any Internet browser access and redirect the user to a web page that instructs the user to download and install the validation client known as “Clean Access Agent”.
Once launched, the client downloads the validation rules and processes these. If the workstation fails the test, it is allowed Internet access only to the remediation sites for a period of time. Once corrected, full network access is provided and a timer is set for the connection.
The connection remains intact until the timer expires; at that time, the connection is reset and the user must re-validate by launching the client.
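The flow described in this answer, written out as a small gateway decision model. This is an added example, not code from Clean Access; the host names, rule names, thresholds and timer length are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed values: the page names no remediation hosts or timer length.
REMEDIATION_HOSTS = {"update.example.com", "av.example.com"}
SESSION_SECONDS = 3600

# Hypothetical validation rules. A key missing from the report fails closed.
RULES = {
    "os_patches": lambda p: p.get("os_patches_current") is True,
    "av_definitions": lambda p: p.get("av_definitions_age_days", 999) <= 7,
}

@dataclass
class Session:
    authenticated: bool = False
    validated_until: Optional[float] = None   # None means quarantined
    failed: list = field(default_factory=list)

def validate(session, posture, rules, now):
    """Evaluate the agent's posture report; start the timer only on a full pass."""
    session.failed = [name for name, check in rules.items() if not check(posture)]
    session.validated_until = None if session.failed else now + SESSION_SECONDS
    return not session.failed

def decide(session, host, now):
    """Return the gateway's action for one outbound request."""
    if not session.authenticated:
        return "redirect-to-login"
    expiry = session.validated_until
    if expiry is not None and now >= expiry:
        session.validated_until = None        # timer expired: must re-validate
    if session.validated_until is not None:
        return "allow"
    if host in REMEDIATION_HOSTS:
        return "allow"                        # quarantined: remediation sites only
    return "redirect-to-agent"

if __name__ == "__main__":
    s = Session(authenticated=True)
    validate(s, {"os_patches_current": False, "av_definitions_age_days": 2}, RULES, 0)
    print(s.failed, decide(s, "www.example.org", 1), decide(s, "update.example.com", 1))
```

A report that omits a field is treated as a failed check, so an agent that sends an incomplete report stays in quarantine.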
Q: What is Clean Access Agent?
A: Clean Access Agent is the client application that can check certain security settings on any Microsoft Windows PC to make sure that the system is up-to-date with required security patches and report this status to a Server. No information about the user or the content of user files is sent to the server. Each user must use Clean Access Agent for his/her Microsoft Windows PC in order to authenticate and use the network.
Q: What Validation Checks are being performed?
A: The following are some examples of validation checks that can be performed:
- Run Nessus scans for known vulnerabilities.
- Check for current release of anti-virus software and current virus definitions.
- Check for current Windows OS Patches for Windows machines.
Q: How Long Do the Validation Checks Take?
A: The checks can take between 15 seconds and a few minutes.
Q: How Does Validation Work for Macintosh Users?
A: Macintosh users must authenticate by logging in via a web page. The only validation check for Macintosh systems is the Nessus scan. No client is downloaded to Macintosh systems. The network connection timer is set for Macintosh systems; however, there is no icon that can be right-clicked to log out and subsequently log in again.
Q: What Remediation is Available?
A: Microsoft Windows Patch Failure. If the user’s system fails the check for current critical OS patches, the user is instructed to click on the URL for the Microsoft Windows update site and follow the instructions. Additionally, the user is provided the option to download a program that can assist in configuration of Microsoft Windows Automatic Updates.
A: Anti-Virus Failure. If the user’s system fails the check for current anti-virus software, the user is provided a download either for the software itself or for the current engine and virus definition files.
A: Host IDS (Intrusion Detection). If the user’s system fails the check for a current IDS/IPS host agent, the user is provided a download either for the software itself or for the agent file updates.