Getting Started with Clean Access
What is Clean Access and What Do I Do?
Clean Access is a network security system that checks weekly for vulnerabilities on machines connected to the VCU Residential Network. All student workstations must pass these checks to get online.
Please follow these steps to gain network access:
- User Authentication
- Web Login (for non-Windows based computers)
- Clean Access Agent
- Vulnerability Assessment
Missing OPTIONAL Software
Removing the Clean Access Agent
|
Background : Nearly all network outages or brown-outs experienced in ResNet are the result of virus-infected or severely compromised student PCs accessing the network. As a result, it has become necessary for the University to implement a network security system in order to minimize the risk posed by students who connect infected PCs to the campus network. |
User Authentication
User authentication simply means you need to provide proper credentials (i.e. your VCU eID username and password) in order to gain access to the network. There are two methods for entering this information: Web login and Clean Access Agent.
Web Login
Open any web browser, such as Internet Explorer, Safari, Firefox,
Opera, etc. If your network settings are configured properly, you
should be automatically redirected to the authentication page where you
will be prompted to enter your eID and password.
|
Web Login is the user authentication method for all non-Windows based computers. Users running Windows 2000 or higher are required to authenticate using the Clean Access Agent. |
Clean Access Agent
If you are running Windows 2000 or higher, you will be directed to install the Clean Access Agent. For Windows users, the Agent will now be the method for authenticating.
You will see a Network Security Notice with the following information:
Once the Agent installer is saved, double-click to install. Following the wizard installation instructions should only take a minute or two.
Once Clean Access Agent is installed, the login window will appear
automatically whenever your computer attempts to access the network.
Enter your VCU eID username and password and click Login. (Note:
The authentication provider should be VCU eID Logon)
|
If the Clean Access Agent log in window doesn't appear automatically, you probably have an installed firewall (e.g. Norton Internet Security) preventing the window from popping up. To bypass this problem, modify your firewall rules to allow Clean Access Agent (port 8905). The method for modifying the rules vary depending on the firewall you're running. |
Vulnerability Assessment
After you successfully log into the system, Clean Access checks your computer for vulnerabilities to make sure it meets the necessary security requirements for connecting to the network. Only compliant computers are granted full network access. Each Monday your machine will be revalidated to ensure compliance.
What are the requirements for accessing the network?
It's possible that the minimum requirements may vary from time to time in order to remain proactive in preventing new viruses and Trojans from infiltrating the network. All students are accountable for keeping their computer updated with current antivirus software and all operating system security patches. Here are the current and planned specific requirements that Clean Access checks:
|
|
|
|
|
Current requirements:
|
|
Current requirements:
|
|
|
Current requirements: |
|
|
Current requirements: |
|
If no vulnerabilities are found, your computer is considered compliant and is granted full network access. If vulnerabilities are found, your computer is moved into remediation.
Remediation
If your computer fails the vulnerability assessment, it is moved into remediation, and you are provided with directions for fixing/patching it. You are given temporary network access in order to download any necessary software. Clean Access makes the distinction between REQUIRED and OPTIONAL software.
Missing REQUIRED Software
Required software must be installed before your computer will be granted network access. If your computer is missing required software, you'll see a message like this:
(Note: The location of the required software will be on a VCU website):
Click the Go To Link (or Download)
button to download and install the required software. Because this is
required, you must correct the problem before full network access is
granted.
Removing the Clean Access Agent
By Spring 2007, the Clean Access Agent will be required for all computers connected to the VCU Residential Network. If you connect your computer to the Internet somewhere other than in ResNet, the Clean Access Agent is not required and simply will not appear. However, if you move off-campus and no longer need to connect your computer to ResNet, you'll probably want to remove the Clean Access Agent. To do so, go to Start -> Control Panel -> Add or Remove Programs. Select Clean Access Agent and click Remove.
Temporal Agent
Cisco has developed a version of the CCA Agent which does not require installation on the client computer to authenticate. You will be informed when this version is available.
