Thursday, February 25, 2021

Have one of theses icons?


Click for more info on the Bradford Client!

Network Access Control at ESF:

Network Access Control (NAC) is a network security system that allows or denies access to a network based on a set of policies or standards. If there is a policy or standard violation, a device (PC, Mac, wireless device, etc.) can be isolated until the issue is rectified. The ultimate purpose of the campus NAC system is to secure the network and those using it by ensuring that the devices connected meet minimum standards.

Common scenarios for the use of such a system include:
  1. Isolate unknown devices/systems until they can be registered/bound to an individual using a valid username and password. Only valid users can connect devices to any given network when NAC is enforced. For guest access to wired systems, please e-mail the CNS Helpdesk. Guest access on the ESF wireless network is currently not offered.

  2. Isolate a device when its operating system or software becomes out-dated.
    When the system has been updated, it is removed from isolation and returned to normal service.

  3. Isolate a device/system when its security software becomes out-dated.
    When the software has been updated, the device/system is removed from isolation and returned to normal service.

  4. Isolate a device/system when a malware infection (spyware, trojan, virus, etc.) is detected.
    When the system has been cleaned of infection, it is removed from isolation and returned to normal service.

  5. Isolate a device/system when a user policy violation had been encountered.
The bottom line is that if your registered device stays up-to-date in terms of both operating system updates and security software updates, you will maintain a connection to the ESF Campus Network.

NAC system components:

The typical NAC system consists of a combination of network hardware, user software, device standards, and user policies.

Important Note:

It is important to note that the Network Registration process and the Network Access Control System, including the Bradford Persistent Agent, in no way monitor, or facilitate monitoring, the activities of individual users on the ESF Campus.
Phases of NAC at ESF:
Passively register unknown domain PCs to their users and install the NAC security agent. This phase is complete at ESF. All PCs joined to either the ESFADMIN or AD domains at ESF/SU have been registered to their users. Additionally, the Bradford Persistent Agent  has been installed on all of these PCs. This process started in June of 2011.
Ask users to register unknown devices, not in either the ESF or SU domain, and install the NAC security agent. This is the current focus of effort at ESF. Users of non-domain PCs and Macs are encouraged to go to, log in, and install the Bradford Persistent Agent. The Bradford Persistent Agent is a small program that verifies your Antivirus, Antispyware, and Operating System are up to date.

Enforce the registration of unknown devices on the ESF Campus Network. During this phase, unknown devices will be isolated until they are registered to an individual and have the proper security software installed.

Actively enforce the ESF Campus Network Access Standard on all devices connecting the Campus Network.