ESF Campus Network Access Standard and Network Registration

ESF Campus Network Access Standard
and
Network Registration
ESF Campus Network Access Standard and Network Registration
1
Tables of Contents
Network Access Standard…………………………………………………………………… 2
Network Access Control at ESF…………………………………………………………..... 3
Network Registration Process……………………………………………………………… 4
Phases of NAC at ESF………………………………………………………………………... 8
Appendix………………………………………………………………………………………... 9
ESF Campus Network Access Standard and Network Registration
2
Network Access Standard
In order to better maintain the security and integrity of the ESF Campus Network, a
simple standard requirement list has been developed regarding devices that users
may wish to connect. This standard currently applies to the wired network at ESF.
This set of requirements will ultimately be enforced via a Network Access Control
(NAC) system that is currently being used at ESF.
Standard requirements are tied to Network Registration, a process that associates
devices connected to the network with a specific user. To register your device and
determine if it meets the minimum requirements listed below, please proceed to
the ESF Campus Network Registration portal at http://registration.esf.edu/.
Following are the minimum system requirements for connecting a PC/Mac to the
ESF Campus Network:
Operating system:
Windows: Windows XP with Service Pack 3 or higher version of Windows. Any
supported version should include the latest critical security updates as obtained
from Windows Update ( http://www.update.microsoft.com/ ). Support for
Windows XP will end 8 April 2014.
Mac OS: OS X 10.6.X or higher.
Other: Other Operating systems, such as the various versions of Linux and Unix,
must be registered to the network by directly contacting the Computer & Network
Services (CNS) helpdesk.
Antivirus:
Windows: Symantec End Point Protection version 11.X or 12.X (preferred;
supplied by ESF)
Mac OS: Symantec Antivirus for Macintosh version 11.X, or higher (preferred;
supplied by ESF)
See the Appendix for other approved Antivirus software (PC/Mac)
General Anti-malware:
Windows: Symantec End Point Protection version 11.X or 12.X (preferred;
supplied by ESF)
Mac OS: None currently
See the Appendix for other approved Antispyware software (PC)
ESF Campus Network Access Standard and Network Registration
3
Network Access Control at ESF
Network Access Control (NAC) is a network security system that allows or denies
access to a network based on a set of policies or standards. If there is a policy or
standard violation, a device (PC, Mac, wireless device, etc.) can be isolated until the
issue is rectified. The ultimate purpose of the campus NAC system is to secure the
network and those using it by ensuring that the devices connected meet minimum
standards.
Common scenarios for the use of such a system include:
1. Isolate unknown devices/systems until they can be registered/bound to an
individual using a valid username and password. Only valid users can
connect devices to any given network when NAC is enforced. For guest
access to wired systems, please e-mail the CNS Helpdesk at
helpdesk@esf.edu. Guest access on the ESF wireless network is currently
offered under very specific circumstances and only in designated areas.
2. Isolate a device when its operating system or software becomes out dated.
When the system has been updated, it is removed from isolation and returned
to normal service.
3. Isolate a device/system when its security software becomes out dated.
When the software has been updated, the device/system is removed from
isolation and returned to normal service.
4. Isolate a device/system when a malware infection (spyware, trojan, virus,
etc.) is detected. When the system has been cleaned of infection, it is
removed from isolation and returned to normal service.
5. Isolate a device/system when a user policy violation had been encountered.
The bottom line is that if your registered device stays up-to-date in terms of both
operating system updates and security software updates, you will maintain a
connection to the ESF Campus Network.
NAC system components:
The typical NAC system consists of a combination of network hardware, user
software, device standards, and user policies.
Important Note:
It is important to note that the Network Registration process and the Network
Access Control System, including the Bradford Persistent Agent, in no way
monitor, or facilitate monitoring, the activities of individual users on the ESF
Campus.
ESF Campus Network Access Standard and Network Registration
Network Registration Process (Voluntary Manual Registration)
Step 1 - Establish a physical connection to the network
Connect your computer to an active network jack using an Ethernet cable. Your
computer should automatically configure and connect to the network, which will
be shown as one of the following:
PC:
Mac:
Step 2 - Navigate to ESF Network registration
Open your browser and navigate to http://registration.esf.edu/, The following
page will open:
You will then be redirected to the initial registration page:
To begin registration, click on “START”.
4
ESF Campus Network Access Standard and Network Registration
5
Step 3 - Log In to registration
A new page will open. Find the Log In Field at the bottom of the page and input
your campus NetID and password and click “Log in to continue”.
After logging in, close out of the browser window.
Step 4 - Download Bradford Security Agent
A download will start for a Bradford Persistent Agent. Ensure you accept the
pop-up if your browser blocks pop-ups automatically. This file is security software
for your computer. Its purpose is to ensure you have important security updates
and protection on your computer. In NO WAY does this software collect data
or monitor your system.
“Save” and “Run” the downloaded file.
ESF Campus Network Access Standard and Network Registration
Step 5 - Install Bradford Security Agent
When the download has completed and you run the new file, an installation
process will begin. To start the installation you may be required to provide
administrative credentials for your device (i.e. enter an administrator username
and password). When installation windows opens, click “Next”.
Allow the installation process to run and complete. When prompted you will be
required to again provide your campus NetID and password, then select
“Login”.
2.g Return to registration.esf.edu
6
ESF Campus Network Access Standard and Network Registration
7
Step 6 - Ensure all network standards are met
Once the installation has completed, return to your browser and again navigate
to http://registration.esf.edu/.
If your system does not meet all the security requirements, you will be provided a
list of instructions and updates to meet the network’s standard. Follow the
instructions and install the updates to complete registration. Then again return to
the registration website. To install updates you may be required to provide
administrative credentials for your device (i.e. enter an administrator username
and password).
When your device meets the requirements for registration, you will see the
following at and your device will have been successfully registered:
ESF Campus Network Access Standard and Network Registration
8
Phases of NAC at ESF:
Phase 1: Pre-registration - COMPLETED
Passively register unknown domain PCs to their users and install the NAC security
agent. This phase is complete at ESF. All PCs joined to either the ESFADMIN or AD
domains at ESF/SU have been registered to their users. Additionally, the Bradford
Persistent Agent has been installed on all of these PCs. This process started in June
of 2011.
Phase 2: Initial Registration - IN PROGRESS
Ask users to register unknown devices, not in either the ESF or SU domain, and
install the NAC security agent. This is the current focus of effort at ESF. Users of
non-domain PCs and Macs are encouraged to go to http://registration.esf.edu/, log
in, and install the Bradford Persistent Agent. The Bradford Persistent Agent is a
small program that monitors your Antivirus, Antispyware, and Operating System to
make sure they stay up to date.
Phase 3: Forced Registration - Coming Soon!
Enforce the registration of unknown devices on the ESF Campus Network. During
this phase, unknown devices will be isolated until they are registered to an individual
and have the proper security software installed.
Phase 4: Actuated System - TBD
Actively enforce the ESF Campus Network Access Standard on all devices
connecting the Campus Network.
ESF Campus Network Access Standard and Network Registration
9
Appendix: Acceptable Antivirus/Anti-malware Alternatives
Windows Antispyware*:
* Includes Antivirus packages that have antispyware features
AVG-2011
AVG-2012
AVG-2013
AVG-2014
AVG-8.0
AVG-8.5
AVG-9.0
AVG-Anti-Spyware
Ad-Aware-2007
Ad-Aware-2008
Ad-Aware-Antivirus-10
Authentium-Command-Anti-Malware-5.0
Avast
Avast-Endpoint-Protection-Suite
Avast-Internet-Security
Blink-AV
CA-PestPatrol
Check-Point-Endpoint-Security
Enigma-SpyHunter
Eset-Smart-Security
F-Secure
Faronics-Anti-Virus-Enterprise-Workstation
GDATA-Internet-Security-2012
GDATA-Internet-Security-2013
GDATA-Total-Security-2012
GDATA-Total-Security-2013
GFI-Business-Agent
GFI-Vipre-Internet-Security-2012
Kaspersky-Anti-Virus-2009
Kaspersky-Anti-Virus-2010
Kaspersky-Anti-Virus-2011
Kaspersky-Anti-Virus-2012
Kaspersky-Anti-Virus-2013
Kaspersky-Anti-Virus-2014
Kaspersky-Anti-Virus-8-WSEE
Kaspersky-Endpoint-Security-10
Kaspersky-Endpoint-Security-8
Kaspersky-Internet-Security
Kaspersky-Internet-Security-2010
Kaspersky-Internet-Security-2011
Kaspersky-Internet-Security-2012
Kaspersky-Internet-Security-2013
Kaspersky-Internet-Security-2014
Kaspersky-PURE
Kaspersky-PURE-2.0
Kaspersky-PURE-3.0
LANDesk-Antivirus
Lavasoft-Adaware
Lightspeed-Security-Agent
Malwarebytes-Anti-Malware
McAfee-AntiSpyware-Enterprise
McAfee-AntiVirus-Plus
McAfee-AntiVirus-Plus-12
McAfee-Home
McAfee-Internet-Security
McAfee-LiveSafe-12
McAfee-SecurityCenter-12
McAfee-Total-Protection-10
McAfee-Total-Protection-11
McAfee-Total-Protection-12
Microsoft-Forefront
Microsoft-Forefront-Endpoint-Protection-2010
Microsoft-Security-Essentials
Microsoft-System-Center-2012-Endpoint-Protection
Microsoft-Windows-Defender
Microsoft-Windows-OneCare
Norton-360
Norton-Anti-Virus-2009
Norton-Anti-Virus-2010
Norton-Anti-Virus-2011
Norton-Anti-Virus-2012
Norton-Antivirus-(2013+)
Norton-Internet-Security
Norton-Internet-Security-(2013+)
Norton-Internet-Security-2009
Norton-Internet-Security-2010
Norton-Internet-Security-2011
Norton-Internet-Security-2012
ESF Campus Network Access Standard and Network Registration
PCTools-Spyware-Doctor
Panda-Global-Protection-2009
Panda-Global-Protection-2010
Panda-Global-Protection-2012
Panda-Internet-Security-2010
Softwin-BitDefender-Antivirus-2010
Softwin-BitDefender-Internet-Security-2010
Softwin-BitDefender-Internet-Security-2011
Softwin-BitDefender-Total-Security-2010
Softwin-BitDefender-Total-Security-2011
Sophos
SpyBot
Spyware-Blaster
Sunbelt-CounterSpy
Sunbelt-CounterSpy-Enterprise-Agent Sunbelt-Vipre
Sunbelt-Vipre-Enterprise-Agent
Symantec-Endpoint-Protection
Trend-Micro-AntiSpyware-2008
Trend-Micro-AntiVirus-2009
Trend-Micro-Internet-Security
Trend-Micro-OfficeScan
Trend-Micro-Titanium
Webroot-AntiSpyware-Corporate
Webroot-SecureAnywhere
Webroot-SpySweeper
ZoneAlarm-Extreme-Security
ZoneAlarm-Internet-Security
10
ESF Campus Network Access Standard and Network Registration
11
Windows Antivirus:
AVG-2011
AVG-2012
AVG-2013
AVG-2014
AVG-8.0
AVG-8.5
AVG-9.0
Ad-Aware-Antivirus-10
Authentium-Command-AV
Authentium-Command-Anti-Malware-5.0
Avast
Avast-Endpoint-Protection-Suite
Avast-Internet-Security
Avira-AntiVir
Blink-AV
BullGuard
CA-Anti-Virus
Check-Point-Endpoint-Security
Cisco-CSA-AV
ClamWin-AntiVirus
DrWeb
EZ-Trust
Eset-NOD32
F-Prot
F-Secure
Faronics-Anti-Virus-Enterprise-Workstation
GDATA-AntiVirusKit
GDATA-Internet-Security-2012
GDATA-Internet-Security-2013
GDATA-Total-Security-2012
GDATA-Total-Security-2013
GFI-Business-Agent
GFI-Vipre-Internet-Security-2012
Grisoft-AVG
Kaspersky
Kaspersky-Anti-Virus-2009
Kaspersky-Anti-Virus-2010
Kaspersky-Anti-Virus-2011
Kaspersky-Anti-Virus-2012
Kaspersky-Anti-Virus-2013
Kaspersky-Anti-Virus-2014
Kaspersky-Anti-Virus-8-WSEE
Kaspersky-Endpoint-Security-10
Kaspersky-Endpoint-Security-8
Kaspersky-Internet-Security
Kaspersky-Internet-Security-2010
Kaspersky-Internet-Security-2011
Kaspersky-Internet-Security-2012
Kaspersky-Internet-Security-2013
Kaspersky-Internet-Security-2014
Kaspersky-PURE
Kaspersky-PURE-2.0
Kaspersky-PURE-3.0
LANDesk-Antivirus
Lightspeed-Security-Agent
Malwarebytes-Anti-Malware
McAfee-AntiVirus-Plus
McAfee-AntiVirus-Plus-12
McAfee-EPO
McAfee-Enterprise
McAfee-Home
McAfee-Internet-Security
McAfee-LiveSafe-12
McAfee-SecurityCenter-12
McAfee-Total-Protection-10
McAfee-Total-Protection-11
McAfee-Total-Protection-12
McAfee-VirusScan-Enterprise-8.7i
McAfee-VirusScan-Enterprise-8.8i
MicroWorld-eScan
Microsoft-Forefront
Microsoft-Forefront-Endpoint-Protection-2010
Microsoft-Security-Essentials
Microsoft-System-Center-2012-Endpoint-Protection
Microsoft-Windows-Defender
Microsoft-Windows-OneCare
Norman
Norton
Norton-360
Norton-Anti-Virus-2009
Norton-Anti-Virus-2010
Norton-Anti-Virus-2011
ESF Campus Network Access Standard and Network Registration
Norton-Anti-Virus-2012
Norton-Antivirus-(2013+)
Norton-Internet-Security-(2013+)
Norton-Internet-Security-2009
Norton-Internet-Security-2010
Norton-Internet-Security-2011
Norton-Internet-Security-2012
PCTools-AntiVirus
PCTools-Spyware-Doctor-With-AntiVirus
Panda
Panda-Anti-Virus-2010
Panda-Global-Protection-2009
Panda-Global-Protection-2010
Panda-Global-Protection-2012
Panda-Internet-Security-2010
Rising-Antivirus
Softwin-BitDefender
Softwin-BitDefender-Antivirus-2010
Softwin-BitDefender-Internet-Security-2010
Softwin-BitDefender-Internet-Security-2011
Softwin-BitDefender-Total-Security-2010
Softwin-BitDefender-Total-Security-2011
Sophos
Sunbelt-Vipre
Sunbelt-Vipre-Enterprise-Agent
Symantec-Corporate
Symantec-Endpoint-Protection
Trend-Micro
Trend-Micro-AntiVirus-2007
Trend-Micro-AntiVirus-2008
Trend-Micro-AntiVirus-2009
Trend-Micro-Internet-Security
Trend-Micro-Internet-Security-2008
Trend-Micro-OfficeScan
Trend-Micro-SMB
Trend-Micro-Titanium
Vexira-AV
Webroot-AntiVirus-Corporate
Webroot-SecureAnywhere
Webroot-SpySweeper
ZoneAlarm-Extreme-Security
ZoneAlarm-Internet-Security
eTrust
12
ESF Campus Network Access Standard and Network Registration
13
Mac Antivirus:
Avast
ClamXav
ESET-NOD32-Antivirus-4
Intego-VirusBarrier-X4
Intego-VirusBarrier-X6
Lightspeed-Security-Agent
McAfee-Security
McAfee-VirusScan
Norton
PCTools-iAntiVirus
Sophos
Trend-Micro-Security
Avira-Mac-Security
ESET-Cybersecurity-for-Mac
Intego-VirusBarrier-2013
Intego-VirusBarrier-X5
Kaspersky-Anti-Virus
McAfee-Internet-Security
McAfee-Virex
Microsoft-SC-2012-Endpoint-Protection
Norton-AntiVirus-for-Mac-2012
ProtectMac-AntiVirus
Symantec-iAntiVirus
Trend-Micro-Smart-Surfing-for-Mac
Download PDF