CLEANACCESS Archives

November 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: James Moskwa <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Tue, 6 Nov 2007 16:56:31 -0500

At the start of school a Mac user came in to ask why they weren't being run
through CCA when using their MacBook. It turns out that he had gone through
CCA with the Mac OS running, which captured his system's MAC. Then he would
re-boot into his Windows OS and would not even get snagged (this was with a
wireless connection, which we run through an in-line CAS). Same system MAC
regardless of OS. The only way his Windows OS would get caught would be if
he went online running Windows after the weekly clearing of the certified
list.

Regards,
-Jim

Jim Moskwa
Manager Networks & Security
Information Technology Department
Johnson & Wales University
8 Abbott Park Place
Providence, RI 02903
Office: 401-598-1556
Fax: 401-598-1329
Email: [log in to unmask]


On 11/6/07 4:18 PM, "Hennessey, Sean" <[log in to unmask]> wrote:

> We had this same problem with Macs running Parallels with Windows active
> alongside OSX - the Windows side would get a free ride through CCA
> and was not even inheriting the security overlain on the Mac connection,
> let alone remediation.  It was fixed by changing a setting within
> Parallels and apparently is being fixed in newer updates to Parallels as
> well...
> 
> I don't know the switch setting to fix it, though.  I can check with our
> Mac guy if needed.
> 
> - Sean
> 
> -----------------------------------------------------------------------------------
> Sean Hennessey
> Network and Information Security Systems Administrator
> University of Portland
> (503) 943-7877
> [log in to unmask]
> 
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Eric Kenny
> Sent: Tuesday, November 06, 2007 12:45 PM
> To: [log in to unmask]
> Subject: Re: Dual Booting Mac OS and XP
> 
> That's odd that you are having that happen.  When you reboot any
> computer, it does a link down, which should send an event to the
> CAM.  Are you sure they weren't just running Windows in a virtual
> machine via VMware or Parallels?  The only way I can think of to stop
> that would be to enable L3 Strict mode, but that will break anyone
> using NAT devices on the rest of your network.
> 
> Eric J. Kenny
> Network Analyst
> Marist College
> 3399 North Rd.
> Poughkeepsie, NY 12601
> 845.575.3820
> 
> 
> On Nov 6, 2007, at 3:34 PM, Matt Moore wrote:
> 
>> We have discovered that students are circumventing CCA checks by
>> booting to the Mac side of an Intel-based Mac, authenticating to
>> CCA and rebooting to the Windows side.  We discovered this by
>> flagged network activity that resulted in the MAC address being
>> blocked on a Mac according to their logs and discovered the student
>> logged into a Windows OS when it was brought in.  As a result the
>> Windows side is not going through any checks.
>>
>> Does anyone have any ideas how to ensure that the network is
>> protected from the Windows side?  Our Heartbeat Timer is set to 5
>> minutes.  What is the shortest time that others are using without
>> problems?
>>
>> It also raises the question: could a user use a virtual machine with
>> a Linux install, log in through the Linux side, and then run Windows
>> without any checks?
>>
>> Matt Moore
>> Director of Information Technology
>> Dakota Wesleyan University
>>
>> 
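
The thread describes a certified list keyed on MAC address alone, so a second OS on the same hardware inherits the first OS's certification until the list is cleared. One way to detect that condition, as an added example that is not code from any poster or from Cisco Clean Access: replay certification and OS-observation events per MAC and flag a certified MAC later seen running a different OS. The log format, the event kinds, the OS labels and the existence of a source that reports the observed OS are all assumptions made for this illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts mac kind os")

# Constructed sample events; the line format and event kinds are assumptions.
#   certify = device passed posture checks while running this OS
#   seen    = OS later observed for this MAC (observation source is assumed)
#   clear   = periodic clearing of the whole certified list
SAMPLE_LOG = """\
2007-11-05T09:00 00:11:22:33:44:55 certify MacOSX
2007-11-05T09:40 00:11:22:33:44:55 seen MacOSX
2007-11-05T10:15 00:11:22:33:44:55 seen WindowsXP
2007-11-05T11:00 66:77:88:99:AA:BB certify WindowsXP
2007-11-05T11:30 66:77:88:99:aa:bb seen WindowsXP
2007-11-11T00:00 * clear -
2007-11-12T08:00 66:77:88:99:aa:bb seen MacOSX
"""

def parse(log):
    """Turn 'timestamp mac kind os' lines into time-ordered Event tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, mac, kind, os_name = line.split()
            events.append(Event(ts, mac.lower(), kind, os_name))
    return sorted(events, key=lambda e: e.ts)

def find_os_mismatches(events):
    """Return (ts, mac, certified_os, observed_os) for each certified MAC
    later observed running an OS other than the one that was checked."""
    certified = {}  # mac -> OS that went through certification
    findings = []
    for e in events:
        if e.kind == "clear":
            certified.clear()  # everyone must certify again after a clear
        elif e.kind == "certify":
            certified[e.mac] = e.os
        elif e.kind == "seen":
            cert_os = certified.get(e.mac)
            if cert_os is not None and cert_os != e.os:
                findings.append((e.ts, e.mac, cert_os, e.os))
                del certified[e.mac]  # treat as uncertified until re-checked
    return findings

if __name__ == "__main__":
    for finding in find_os_mismatches(parse(SAMPLE_LOG)):
        print("OS changed behind certified MAC:", finding)
```

A MAC seen after a `clear` event is not flagged here because it no longer holds a certification and would be sent through the normal checks.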
