Living With NAC In An EDU World - Part Two - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
9/26/2008
06:48 PM
Howard Marks
Howard Marks
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Living With NAC In An EDU World - Part Two

My last blog entry on our NAC experience at Purchase College resulted in the expected emails and phone calls from NAC vendors convinced that we would be ready to junk StillSecure's SafeAccess and adopt their products just because I used the line "while it's not going as well as we hoped, it is going better than we feared." Well folks while we do have a few bones to pick with StillSecure, which I'm not getting into today, most of our headaches are more about how NAC is harder in the EDU space th

My last blog entry on our NAC experience at Purchase College resulted in the expected emails and phone calls from NAC vendors convinced that we would be ready to junk StillSecure's SafeAccess and adopt their products just because I used the line "while it's not going as well as we hoped, it is going better than we feared." Well folks while we do have a few bones to pick with StillSecure, which I'm not getting into today, most of our headaches are more about how NAC is harder in the EDU space than the real, read corporate, world.In the corporate world all your computers are members of your Active Directory domain, run your corporate standard Anti-virus and Anti-spyware applications and access your patch management server for OS and other updates. While a company with 500-1000 employees, like the college, might not have a comprehensive patch management system they'll have Microsoft's free WSUS and an anti-virus management server running Norton System Center, ePolicy Orchestrator or the like from their anti-virus vendor.

We in the EDU world have thousands of computers that aren't members of our domains, have any of a hundred different anti-virus and anti-spyware solutions if they have one at all and can be running Windows, Mac OS (9 or 10) and/or some obscure Linux distribution. So where support for Symantec, McAfee, Trend and CA will cover 99% of the corporate users here at a state school with an arts concentration support for Avast and AVG are equally important.

One vendor that called this week started his spiel bragging about how their agentless system would eliminate the pain our students had installing the SafeAccess agent. When I asked how his system remotely read the Windows registry to see if the latest virus definitions were installed when I didn't have administrator privileges on the system he had to get me an engineer who admitted an agent was required for unmanaged PCs like those in the EDU space.

When it comes to quarantining unhealthy systems corporate network managers can stick the occasional consultant or other guest in an access the internet only subnet protecting their servers and workers from their system. While you'd like them to remediate; truth is if they don't, they don't.

Our students would be perfectly happy if we gave them internet access in quarantine. If they can get to YouTube and "share" music via Gnutella they don't care if they can access the registration system from their dorms rooms, except of course during registration. If we didn't block internet access most students wouldn't remediate.

We have two big problems with our current solution. The first I classify as "Who'd a thunk it" when we tested the system over the summer we made sure it could support Windows 2000, XP and Vista and Mac OS X. As students started arriving we found more OS 9 systems than we expected and discovered that HP is pre-installing the 64bit version of Vista on consumer laptops. Since 64bit Vista still has a somewhat narrower set of drivers than the 32bit and should benefit machines with more than 4GB of memory we didn't test , and discovered that SafeAccess doesn't fully support the 64 bit version.

The second problem is remediation. Many of our students aren't up for installing service packs, anti-virus updates Etc. Through in the old antivirus software that sees service packs as viruses and the helpdesk is swamped. Once again the corporate folks, with fewer variables, have an easier row to hoe here.

The story's not over yet…

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll