LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

July 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS July 2005

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: Clean Access Test Results
From:	ken whittaker <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Thu, 28 Jul 2005 08:04:57 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (268 lines)
   How would one go about de-certifying in bulk.   This is something that
 we want to be able to do , we just had CCA installed and one of our
 questions to the installer was how to log the users off in bulk at a
 certain time.. He said that there was no mechanism to do that.  So I'm most
 curious how your doing this ...

  ken --- 

Ken Whittaker
Network Manager
Information Technology Group

Keene State College
229 Main St
Keene NH, 03435

Voice:      603.358.2537
Fax:         603.358.2780

E-Mail:    [log in to unmask]


> From: "Flagg, Martin D." <[log in to unmask]>
> Reply-To: Perfigo SecureSmart and CleanMachines Discussion List
> <[log in to unmask]>
> Date: Wed, 27 Jul 2005 11:55:53 -0400
> To: <[log in to unmask]>
> Subject: Re: Clean Access Test Results
> 
>  We have thought about changing the heartbeat session timer set to 16-24
> hours so that users are not kicked if they turn off the computer
> overnight.  We have a student environmental action group on campus that
> has successfully convinced students to turn their computers off when
> they are not being used.  We are planning on de-certifying all machines
> at 4:00 am Monday morning, every week.  Any comments or suggestions?
> 
> 
> Martin D. Flagg
> Network Engineer/Administrator
> Hiram College
> PH:  330-569-5376
> FAX: 330-569-5462
> email: [log in to unmask]
> -
> If you lend someone $20,
> and never see that person again,
> it was probably worth it.
> 
> 
>  
> 
> 
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Homer Manila
> Sent: Wednesday, July 27, 2005 11:27 AM
> To: [log in to unmask]
> Subject: Re: Clean Access Test Results
> 
> Oh, forgot to mention: We have the heartbeat session timer set to 2
> hours, which should force users to login again, if their machines have
> been off that long.  Also, we are still deciding if we will force
> re-certification at some more frequent regular interval like 1-3 weeks
> at a time, to force scanning of machines running the agent that aren't
> being made to log-in as much.  One of the timeouts is decertifying
> people, according to our graphs, wish I knew which one!
> 
> Also in regards to dhcp lease times: if it still renews to the same ip,
> they still won't be forced to log in. So, disregard what I said earlier
> :)
> 
> --Homer Manila
> Network Security Administrator
> Office of Information Technology
> American University
> 
> Homer Manila wrote:
>> Changing network/internet access from having no requirements to CA can
> 
>> be frustrating to the students. Telling them that implementing it will
> 
>> make their machine more secure and the network happy sometimes isn't
>> enough.  It helped that we had numbers to back up our decision to
>> implement CA: Last year alone, we had over 1200 virus tickets that
>> resulted in a loss of over $100k in man-hours and downtime.  Those are
> 
>> good numbers to give budget/funding too, if you have it.
>> 
>> I would also suggest increasing your temporary access time to at least
> 
>> 2 hours, which is what we did, to facilitate some of the longer
>> downloads(sp2). Increasing your session timeout might be a good thing
>> too; we actually don't have a timeout set for our users.  Since CA
>> will make you log in after the mac-address to ip-address combo is
>> void(dhcp lease time has expired and the user receives a new ip, user
>> moves to another subnet, etc), it will make the user sign-on again. If
> 
>> your dhcp lease times are set higher, the user will keep their ip
>> address longer, and have to sign-on less.  Plus, we plan on forcing
>> re-certification after every year or semester is over.
>> 
>> --Homer Manila
>> Network Security Administrator
>> Office of Information Technology
>> American University
>> 
>> 
>> Sean Ward wrote:
>> 
>>> We (Bowling Green State University) recently performed a very small
>>> test of Clean Access/Perfigo in a residence hall where we have about
>>> 20 students living because of conferences and the like.  Of the 20,
>>> about 14 had computers that connected, of which 10 filled out a
>>> survey on our website.
>>> 
>>> Included below are the responses we received.  For those of you who
>>> have been testing or have finished testing Clean Access, what type of
> 
>>> response did you get from the students?  Were they similar to ours?
>>> In what ways did you convince those in charge of the budget/funding
>>> that it was worth the cost?
>>> 
>>> In an occurrence that could only be defined as "awesome", the
>>> instructions document is corrupted, so I cannot attach, include, or
>>> link to it until I take time to recreate it.
>>> 
>>> Any and all responses would be appreciated.
>>> 
>>> Thanks,
>>> Sean
>>> 
>>> Did you have any issues with the documentation? If so, what were
> they?
>>> 
>>>    * When trying to download clean access it kept comping up with a
>>>      message that said you must open excutiable file something,
>>>      something, something?? and I had no clue what it was talking
>>>      about, so I played around and finally figured it out. That was
>>>      confusing at first and somewhat frustrating
>>>    * I guess my default settings were making it difficult to
> configure
>>>      the software
>>>    * Some of the windows that popped up, such as the temporary
>>>      connection to the network, were not in the manual so I had to
>>>      click on what I thought was right.
>>>    * I tried to get it to loadfor 3 hours with no luck. Finally RCC
> had
>>>      to come and install a new web browser. Now it works just fine.
>>>    * The documentation was fine.
>>>    * I had no problem installing the software and getting back on the
>>>      network. The instructions were thorough and I appreciated the
>>>      screen shots that were included.
>>>    * It made me update fifty million times when I first got on.
>>> 
>>> Have you had any issues connecting to the network or Internet since
>>> having the software installed? If so, how many times did this happen,
> 
>>> what type of issues were you having, and what were you doing at the
> time:
>>> 
>>>    * Every so many days it would kick me off the network and I'd have
>>>      to restart my computer to be able to connect to the internet.
> This
>>>      is very frustrating and annoying, especially since it happened
>>>      again this morning telling me I had to download the new version.
> I
>>>      thought this test was over??
>>>    * Every time I attempt to connnect to the internet I am stopped
>>>      because Norton Antivirus is blocking the Clean Access site
> becuase
>>>      it is unknown. If you already have anti-virus software it makes
>>>      this process extremely difficult, and you have to disable the
>>>      previous software in order to run the new software, and I have
>>>      paid a large amount of money to have my computer protected by my
>>>      other services.
>>>    * I had had a problem once. Everytime I tried to connect it would
> go
>>>      to the main screen and then my mouse cursor would start going
>>>      crazy....clicking very fast all on its own. No website would
> even
>>>      appear. It would continue doing the same thing even after I
> tried
>>>      restarting my computer several times. I decided to leave alone
> for
>>>      the next and the next day...everything was fine and I was able
> to
>>>      complete the process without any problems.
>>>    * At first, I only had a temporary connection for 20 minutes.
> During
>>>      that 20 minutes, I had to download a bunch of different things
> but
>>>      after 20 minutes, I would have to stop because I was no longer
>>>      connected. It took 9 hours just to get everything set up. Once I
>>>      did, my entire computer was running extremely slow. Every three
>>>      days I had to redo everything and that was a big inconvenience.
>>>    * It's working well.
>>>    * why do i have to re-login every few days....that kicks me off
>>>      IM...I don't like it!
>>>    * McAfee really slowed down my computer. I took Norton off of my
> PC
>>>      and it runs just fine now.
>>>    * I am very frustrated that I have been randomly kicked off line
>>>      (while I've been using the internet and instant messenger) only
> to
>>>      reaccept the clean access agent agreement and return to my work.
> I
>>>      knew that this was going to happen (since it was stated on the
>>>      instruction sheet-thanks for that info!), but I find this
>>>      frustrating and unnecessary. I'd really rather not have the
>>>      program on my computer. Plus, I don't know what it does and why
> I
>>>      need it, other than I can't get on the internet and it's suppose
>>>      to help prevent viruses. I had to work when Sean came to our
>>>      meeting, and I read what was given to me but I still don't
>>>      completely understand the need.
>>>    * No problems after setup
>>> 
>>> What could BGSU have done to make this test easier?
>>> 
>>>    *
>>> 
>>>      I guess there really isn't anything to make it easier. It's just
>>>      going to be frustrating to you, if you impliment it to the whole
>>>      campus, because you will be getting a lot of calls.
>>> 
>>>    * It would have been nice if we were asked to volunteer to do this
>>>      instead of having no say.
>>>    * I think it woudl be easier for the RCC staff to come configure
> the
>>>      software on students' computers themselves
>>>    * I wish that we would have had advanced notice that this was
> going
>>>      to happen.
>>>    * Had people working later to help with the set up because I
> didn't
>>>      have internet for almost 2 days.
>>>    * Tell people it takes a while to load.
>>>    * The test itself is fine. The instructions were complete and I
> was
>>>      informed that I would be kicked off the network every 3 days or
>>>      so. However the fact that the system does boots me off the
> network
>>>      randomly every few days is very inconvenient, especially since
>>>      I've been working while it has happened.
>>>    * Made the setup easier. You should only have to update once.
>>> 
>>> Is there anything else you wish to add that was not mentioned?
>>> 
>>>    * Once I finally was able to download the Clean Access software,
> it
>>>      told me that my login name was unknown and would not let me
> proceed.
>>>    * After making my complaint via email and phone, RCC was able to
> fix
>>>      everything on my computer so that it runs even better before.
>>>    * The test itself is fine. The instructions were complete and I
> was
>>>      informed that I would be kicked off the network every 3 days or
>>>      so. However the fact that the system does boots me off the
> network
>>>      randomly every few days is very inconvenient, especially since
>>>      I've been working while it has happened.
>>>    * It's annoying to have to update every three days. Once a week
>>>      would be better.
>>> 
>>> 
>>
ATOM RSS1 RSS2
LISTSERV.MIAMIOH.EDU