Oh, forgot to mention: We have the heartbeat session timer set to 2
hours, which should force users to login again, if their machines have
been off that long. Also, we are still deciding if we will force
re-certification at some more frequent regular interval like 1-3 weeks
at a time, to force scanning of machines running the agent that aren't
being made to log-in as much. One of the timeouts is decertifying
people, according to our graphs, wish I knew which one!
Also in regards to dhcp lease times: if it still renews to the same ip,
they still won't be forced to log in. So, disregard what I said earlier :)
--Homer Manila
Network Security Administrator
Office of Information Technology
American University
Homer Manila wrote:
> Changing network/internet access from having no requirements to CA can
> be frustrating to the students. Telling them that implementing it will
> make their machine more secure and the network happy sometimes isn't
> enough. It helped that we had numbers to back up our decision to
> implement CA: Last year alone, we had over 1200 virus tickets that
> resulted in a loss of over $100k in man-hours and downtime. Those are
> good numbers to give budget/funding too, if you have it.
>
> I would also suggest increasing your temporary access time to at least 2
> hours, which is what we did, to facilitate some of the longer
> downloads(sp2). Increasing your session timeout might be a good thing
> too; we actually don't have a timeout set for our users. Since CA will
> make you log in after the mac-address to ip-address combo is void(dhcp
> lease time has expired and the user receives a new ip, user moves to
> another subnet, etc), it will make the user sign-on again. If your dhcp
> lease times are set higher, the user will keep their ip address longer,
> and have to sign-on less. Plus, we plan on forcing re-certification
> after every year or semester is over.
>
> --Homer Manila
> Network Security Administrator
> Office of Information Technology
> American University
>
>
> Sean Ward wrote:
>
>> We (Bowling Green State University) recently performed a very small
>> test of Clean Access/Perfigo in a residence hall where we have about
>> 20 students living because of conferences and the like. Of the 20,
>> about 14 had computers that connected, of which 10 filled out a survey
>> on our website.
>>
>> Included below are the responses we received. For those of you who
>> have been testing or have finished testing Clean Access, what type of
>> response did you get from the students? Were they similar to ours?
>> In what ways did you convince those in charge of the budget/funding
>> that it was worth the cost?
>>
>> In an occurrence that could only be defined as "awesome", the
>> instructions document is corrupted, so I cannot attach, include, or
>> link to it until I take time to recreate it.
>>
>> Any and all responses would be appreciated.
>>
>> Thanks,
>> Sean
>>
>> Did you have any issues with the documentation? If so, what were they?
>>
>> * When trying to download clean access it kept comping up with a
>> message that said you must open excutiable file something,
>> something, something?? and I had no clue what it was talking
>> about, so I played around and finally figured it out. That was
>> confusing at first and somewhat frustrating
>> * I guess my default settings were making it difficult to configure
>> the software
>> * Some of the windows that popped up, such as the temporary
>> connection to the network, were not in the manual so I had to
>> click on what I thought was right.
>> * I tried to get it to loadfor 3 hours with no luck. Finally RCC had
>> to come and install a new web browser. Now it works just fine.
>> * The documentation was fine.
>> * I had no problem installing the software and getting back on the
>> network. The instructions were thorough and I appreciated the
>> screen shots that were included.
>> * It made me update fifty million times when I first got on.
>>
>> Have you had any issues connecting to the network or Internet since
>> having the software installed? If so, how many times did this happen,
>> what type of issues were you having, and what were you doing at the time:
>>
>> * Every so many days it would kick me off the network and I'd have
>> to restart my computer to be able to connect to the internet. This
>> is very frustrating and annoying, especially since it happened
>> again this morning telling me I had to download the new version. I
>> thought this test was over??
>> * Every time I attempt to connnect to the internet I am stopped
>> because Norton Antivirus is blocking the Clean Access site becuase
>> it is unknown. If you already have anti-virus software it makes
>> this process extremely difficult, and you have to disable the
>> previous software in order to run the new software, and I have
>> paid a large amount of money to have my computer protected by my
>> other services.
>> * I had had a problem once. Everytime I tried to connect it would go
>> to the main screen and then my mouse cursor would start going
>> crazy....clicking very fast all on its own. No website would even
>> appear. It would continue doing the same thing even after I tried
>> restarting my computer several times. I decided to leave alone for
>> the next and the next day...everything was fine and I was able to
>> complete the process without any problems.
>> * At first, I only had a temporary connection for 20 minutes. During
>> that 20 minutes, I had to download a bunch of different things but
>> after 20 minutes, I would have to stop because I was no longer
>> connected. It took 9 hours just to get everything set up. Once I
>> did, my entire computer was running extremely slow. Every three
>> days I had to redo everything and that was a big inconvenience.
>> * It's working well.
>> * why do i have to re-login every few days....that kicks me off
>> IM...I don't like it!
>> * McAfee really slowed down my computer. I took Norton off of my PC
>> and it runs just fine now.
>> * I am very frustrated that I have been randomly kicked off line
>> (while I've been using the internet and instant messenger) only to
>> reaccept the clean access agent agreement and return to my work. I
>> knew that this was going to happen (since it was stated on the
>> instruction sheet-thanks for that info!), but I find this
>> frustrating and unnecessary. I'd really rather not have the
>> program on my computer. Plus, I don't know what it does and why I
>> need it, other than I can't get on the internet and it's suppose
>> to help prevent viruses. I had to work when Sean came to our
>> meeting, and I read what was given to me but I still don't
>> completely understand the need.
>> * No problems after setup
>>
>> What could BGSU have done to make this test easier?
>>
>> *
>>
>> I guess there really isn't anything to make it easier. It's just
>> going to be frustrating to you, if you impliment it to the whole
>> campus, because you will be getting a lot of calls.
>>
>> * It would have been nice if we were asked to volunteer to do this
>> instead of having no say.
>> * I think it woudl be easier for the RCC staff to come configure the
>> software on students' computers themselves
>> * I wish that we would have had advanced notice that this was going
>> to happen.
>> * Had people working later to help with the set up because I didn't
>> have internet for almost 2 days.
>> * Tell people it takes a while to load.
>> * The test itself is fine. The instructions were complete and I was
>> informed that I would be kicked off the network every 3 days or
>> so. However the fact that the system does boots me off the network
>> randomly every few days is very inconvenient, especially since
>> I've been working while it has happened.
>> * Made the setup easier. You should only have to update once.
>>
>> Is there anything else you wish to add that was not mentioned?
>>
>> * Once I finally was able to download the Clean Access software, it
>> told me that my login name was unknown and would not let me proceed.
>> * After making my complaint via email and phone, RCC was able to fix
>> everything on my computer so that it runs even better before.
>> * The test itself is fine. The instructions were complete and I was
>> informed that I would be kicked off the network every 3 days or
>> so. However the fact that the system does boots me off the network
>> randomly every few days is very inconvenient, especially since
>> I've been working while it has happened.
>> * It's annoying to have to update every three days. Once a week
>> would be better.
>>
>>
>
|