Network Authentication and Validation
Q: How does the Network Authentication and Validation system work?
A:The new computer
security system performs the following functions:
1) Require authentication to the network.
2) Validate whether the system connecting to the network meets the minimum security standards.
3) Quarantines the system until it meets the minimum security standards.
4) Provides access to the remediation sites. Once the system is validated as
"clean," allows access to the network.
|
Q: Why Are We Introducing this
Solution Now?
A:There are over 31 medium or
higher rated worms (Blaster, Nachi, Netsky, Sobig) that infected computer
systems during the first 6 months of 2004. We
did not have a solution that could effectively quarantine systems until proven
"clean"; thus, many unprotected systems became infected as soon as they were
physically plugged into the network. From
investigations on the causes of the problems experienced, it has been determined
that the best way to prevent this from happening again is to insure that virus
software and OS critical update/patches are current and maintained.
Users who did connect systems that were current with both OS patches and anti-virus software also suffered
delays in Internet and other network access due to the excessive traffic caused
by the infected machines. |
Q: How Does Validation Work?
A: The validation
solution will "trap" any Internet browser access and redirect the
user to a web page that instructs the user to download and install
the validation client known as "Safe Connect Agent".
Once launched, the client downloads the validation rules and processes
these. If the workstation fails the test, it is allowed
Internet access only to the remediation sites for a period of time. Once corrected, full network access is provided
and a timer is set for the connection.
The connection remains intact until the timer expires or the user
logs out of his/her Windows session; at that time, the connection is
reset and the user must re-validate by launching an Internet browser
and logging in.
|
Q: What is Safe Connect?
A:
The Safe Connect Policy Key is a small software client that continuously validates that your system
has the minimum security software running and up-to-date as per the
School's acceptable use policy. The Safe Connect Policy Key will
also certify that certain applications, prohibited by School policy,
are not running. |
Q: What Validation Checks are being performed?
A: The following are some
examples of validation checks that can be performed:
1) Run Nessus scans for known vulnerabilities.
2) Check for current release of anti-virus software and current virus definitions.
3) Check for current Windows OS Patches for Windows machines.
|
Q: How Long Do the Validation
Checks Take?
A: The checks can take between
15 seconds to a few minutes.
|
Q: How Does Validation Work for
Macintosh Users?
A: The same way it does
for Windows Users. |
Q: How Does Validation Work for
Linux Users?
A: Linux users must authenticate
by logging in via a web page. The only validation check for Linux systems is the Nessus scan. There is no client which is downloaded to Linux
systems. The network connection timer is set for Linux systems; however, there is no icon that can be
right-clicked to logout and subsequently login again.
|
Q: What Remediation is
Available?
A:
1) Microsoft Windows Patch Failure. If the user's system fails the check for current critical OS patches, the user is instructed
to click on the URL for the Microsoft Windows update site and follow the
instructions. Additionally, the user is provided the option to download a program that can assist in
configuration of Microsoft Windows Automatic Updates.
2) Anti-Virus/Anti-Spyware Failure. If the user's system fails the check for current anti-virus/anti-spyware software, the user is provided a download
either for the software itself or for the current engine and virus definition
files.
|
Safe Connect Agent Installation
|
Q: Do I have to use the Safe Connect Agent?
A: Yes. All
Microsoft Windows PCs and Mac OS systems are required to use the
Safe Connect Policy Key to ensure a safe computing environment for
all and it is required for network access.
|
Q: I cannot install the Safe Connect Agent, it warns me about administrative rights.
A: You must be logged onto your computer as a user with administrative rights or as the administrator.
Contact Helpdesk if do not have administrative rights.
|
Q: How do I know the Safe Connect Policy Key is installed successfully?
A:
On Windows machines with Windows 2000 or later, you can right-click any
blank space on the task bar at the bottom of your screen and select
the option "Task Manager". When the Windows Task Manager appears,
click the "Processes" tab and look for the process "SCClient.exe".
Mac users can confirm via the Activity Monitor (ProcessViewer under
10.2 or before). |
Q: What happens if I uninstall the Safe
Connect Policy Key?
A:
You can uninstall Safe Connect Policy Key at any time; however within
minutes you will then be unable to access the Internet. You will be
required to reinstall the Policy Key as if you are a new user to
gain Internet access. |
Q: I do not see the Safe Connect Policy Key icon in my system tray what do I do?
A: This is the expected
behavior, there is no icon.
On Windows machines with Windows 2000 or later, you can right-click any
blank space on the task bar at the bottom of your screen and select
the option "Task Manager". When the Windows Task Manager appears,
click the "Processes" tab and look for the process "SCClient.exe".
Mac users can confirm via the Activity Monitor (ProcessViewer under
10.2 or before). |
Q: What are the benefits to installing and
running the Safe Connect Policy Key?
A.
The Safe Connect Policy Key is part of the School's effort to help
you keep your computers as free as possible from viruses, spyware,
and operating system security holes. Machines protected in this way
generally perform much better and require much less downtime due to
damage caused by malicious software.
Also, the Safe Connect Policy Key can help to ensure that the
average user has the fastest possible browsing experience while
connected to the School's network. It does this by:
- Ensuring that communication from malicious software does not
flood the School's Internet connection, resulting in much slower
connections for legitimate users.
- Restricting certain applications that would otherwise
consume an unfairly large share of the School's bandwidth, again
resulting in a slower connection for the majority of users.
|
Login and Logout
Q. How do I login?
A:
When you enter a URL (www.google.com) on a browser window, you will be re-directed to a login webpage. Enter your username and password to login.
Ex. John.Doe
Lookup your login info here.
|
Q: I've opened my browser with a default blank page but I am not redirected to a login page.
A:Go to a non-local site such as
www.google.com.
|
Q: How do I logout?
A: When you log out of your Windows session, you will
be logged off of Safe Connect. When you log back into Windows
and open an Internet browser, you will be redirected to a login
page. |
Validating and Updating
Q: What am I allowed to access when Unauthenticated or Quarantined?
A: Any Windows Updates your system needs can be
downloaded and installed while you are in quarantine mode. The same
applies to virus definitions from most of the major anti-virus
providers and to anti-spyware updates. |
Q: Can I update Windows before I login?
A:Yes, you should be able to go to
http://windowsupdate.microsoft.com.
|
Q: Can I update my anti-virus before I login?
A:Yes, you can do so by clicking on Update from the anti-virus software system icon in your system tray. |
Q. When I run Windows Update, I get a message stating that the product key used to install windows is invalid?
A:Windows Update will fail if your Windows OS is not properly licensed. You must have a legal copy of the operating system to connect to the network.
|
Q: What does the Safe Connect Policy Key
Check for?
A:
Once the Safe Connect Policy Key is enabled, we will require that your
Windows Automatic Updater is running. You must also have running
anti-virus software installed with the most current definitions
available. You may also be required to have anti-spyware installed
and running. Finally, certain P2P file sharing applications may be
restricted. |
Q: Can I use my Gaming Console on ResNet?
A:Yes. The Safe Connect
appliance currently supports the following gaming consoles:
- Xbox and Xbox 360
- Playstation 3
- Nintendo Wii
If you have a gaming
console not on this list (ex. Playstation 2), you will need to submit a work order with your information, including
your game console's MAC address. Click
here to submit a work order. Please allow up to three business days to complete
the configuration.
|
Key Terms
Network Access Process: The
process of authentication and validation of your computer required for network
access.
Authentication:
The process of
verifying your access to the network by confirming your username and password
and associating it with your computer.
Validation:
The process of
confirming that certain security measures are in place on your computer.
|
Contact
Information
