Access the UD Network - FAQ
-
What is Network Access Control (NAC)?
NAC is a solution provided by Cisco, Inc. that performs user authentication and network validation. The software performs the following functions:
- Requires authentication to the network
- Validates whether the system connecting to the network meets minimum security standards
- Quarantines non-compliant systems until they meet the minimum security standards
-
Why does UD have a NAC system?
UD works to maintain an open network, but with the number of users and machines accessing our infrastructure, we need a few controls in place to help us avoid intentional or unintentional user actions that might negatively impact other users or take down segments (or all!) of the network.
-
How does NAC work?
Before users can connect to UD's network, they are prompted to log in with their LDAP/Novell credentials. In the past, this has been handled through a web page login, but NAC will require users to install a small application (or "agent") that will let users log in before opening a web browser. Once a user logs in to the NAC agent, his computer will be quickly scanned (about 30 seconds) to ensure it meets baseline security requirements. If it meets these requirements, the user will obtain network access; if not, the user will be provided with steps to correct the problem and temporary, limited network access.
-
What is the NAC agent?
The NAC Agent is a small program that runs on Windows and Macintosh machines. Once the agent is installed on a machine, it performs authentication to the network as well as system checks to make sure machines meet minimum security standards.
-
Who is required to use the NAC system . . . and where?
You need to log in to NAC anytime that UD is acting as your network service provider (in other words, when you are on campus). However, if you are connecting to UD network resources (e.g., Lotus Notes, Novell directories) away from campus, you will not be prompted to log in to NAC (e.g., accessing your Notes account using your RoadRunner service at home).
-
What security requirements must my computer meet to access UD's network?
Your computer must:
1) Have Windows updates enabled
2) Have the Symantec EndPoint Protection (SEP) security software installed
3) Have the NAC agent installed? -
How do I ensure my computer can get on UD's network?
Instructions for getting your computer in compliance vary slightly depending on whether you are a new, returning, or graduate student.
Go to the instructions for new students >>
Go to the instructions for returning students >>
Go to the instructions for grad students >> -
How does the validation process work?
When a user authenticates to the network through the NAC agent, the computer is then checked to make sure it meets the validation requirements. If a user fails validation they are put into a temporary role where they will be able to apply patches to their machine in order to meet the validation requirements.
-
How often will I be revalidated?
Validation is required every time you log into the network. However, if you stay logged in on a computer you will be required to validate after regular maintenance to the NAC Environment when all users are required to be logged out.
-
What does "temporary access" entail?
If your computer is not compliant with campus security requirements OR if you are not able to install the appropriate software (e.g., company-owned machines), you can bypass the system by selecting "temporary access". This will allow you 90 minutes of limited connectivity after which you'll need to re-authenticate to the network.
-
Why doesn't the NAC-agent "Remember Me" check box work?
The "Remember Me" check box in the agent is session-based. This means that the agent will remember your username and password until you log off the computer or the computer is restarted or shutdown. Please note that putting the computer into hibernation will NOT clear the username and password.
-
How do I log in to the network from a general access machine (e.g., in Roesch Library, computer labs, UD-issued work computer)?
The NAC requirement is associated with your username (not your computer), so you'll be prompted to log in to the network from any campus computer. If you receive a message that the computer does not meet campus security standards, contact the computer owner or your supervisor about patching the machine to meet campus standards.
-
What happens with the NAC Agent when I take my computer off campus?
When the agent detects that it is no longer connected to the UD Network it simply goes to sleep and will not pop up.
-
Is there an agent and security standards for Macintosh Users?
There is an agent available for Macintosh and similar requirements are mandatory to gain access:
1. Symantec security software installed, updated, and running
2. Apple software updates turned on and pointing to a valid update server
-
Is there an agent for Linux Users?
Currently there is no agent available for any of the Linux distributions. Linux users will need to authenticate via the web login.
-
What about PlayStations, Xboxes, Wii Systems, etc.?
Gaming devices must be registered with University of Dayton Information Technologies to access the Internet. Visit http://gaming.udayton.edu for information on registering your gaming device. Once registered, the device will be granted access to the Internet.
-
Will this impact my cell phone?
Users of wi-fi-enabled devices on campus will be redirected to a web authentication page and required to log in.
-
Who do I contact if I have more questions about NAC?
Please send any additional questions about NAC to PCHelp@notes.udayton.edu
