Technology and Learning Resources

'Clean Access' Frequently Asked Questions

• What is Clean Access and why are we using it?
• How do I login?
• What if I need to update my computer to pass validation?
• Key Terms
• How does the Network Authentication and Validation system work?
• What Network Connections Require Validation?
• Why Are We Introducing this Solution Now?
• How Does Validation Work?
• What is Clean Access?
• What Validation Checks are being performed?
• How Long Do the Validation Checks Take?
• What Remediation is Available?

Q: What is Clean Access and why are we using it?

A: Starting in the fall of 2005, Solano Community College is taking a big step towards substantially reducing the effect of viruses and worms on our network and to safely provide student access to our network. To protect the network we all share, we have installed a new network admissions system from Cisco Systems called “Clean Access.”

Q: How do I login?

When you are using a connection to the campus network that is hooked to the Clean Access system, you will be automatically taken to a special web page when you start your web browser.

After you see this page, your browser should show:

Students:
A: You login using the button marked Guest/Student access. This will activate a scan of your computer for specific weaknesses or viruses. It takes about 60 seconds to complete. When it is finished, a pop up window is available to let you know what the scan detected. More importantly, if your computer “passes”, then you will have a choice of two buttons labeled “Accept” or “Decline”.

Once you click on “Accept” you will be granted access to the campus network.

Faculty and Staff:

A: You will also be directed to a web page the very first time. You should login using your email username and password. If you use Reflections to access the HP3000, then select “Administration” from the drop down menu entitled “Authentication Provider”. Otherwise, select “Faculty/Staff”. You will be prompted to download and install a copy of the Clean Access Agent software.

A download dialog box will appear and you can choose either Run or Save. If you choose Save, then you will need to navigate to the file you save and double click on it to run the installer.

A common Windows installation process will happen. Select Next on the first two dialog boxes, Install on the third, and Finish on the fourth.

The Clean Access Agent software should start. Login again with your email username and password and choose the correct “authentication provider” based on whether or not you use Reflections. After this initial installation, you will only have to login using this software

Q: What if I need to update my computer to pass validation?

A: You will see a screen that says you have “temporary access” to the network. In order to not have just temporary access, you need to complete the updates required.

You will see a message specifying what software needs updating. For example, your virus definitions will need to be updated on a weekly basis, at the very least. When you see the message that your virus definitions need updating, you should click on the update button. It will take about 60 seconds to update and then you will see a message saying that “The virus definition update has been launched successfully”.

You will notice that your copy of Symantec Live Update will start.  Wait for it to finish updating your virus definitions. 

After the update concludes (it will show 100% installed and then the box will disappear) you can hit “OK” and the click on the button marked “Next”.  Waiting for the update process to finish (not just the "launch") means that you will be successful when moving to the next step.

Key Terms

Network Access Process: The process of authentication and validation of your computer required for network access.

Authentication: The process of verifying your access to the network by confirming your username and password and associating it with your computer.

Validation: The process of confirming that certain security measures are in place on your computer.

Q: How does the Network Authentication and Validation system work?

A: The new computer security system performs the following functions:

• Require authentication to the network.
• Validate whether the system connecting to the network meets the minimum security standards.
• Quarantines the system until it meets the minimum security standards.
• Provides access to the remediation sites.
• Once the system is validated as “clean,” allows access to the network.

Q: What Network Connections Require Validation?

A. We are requiring validation for all office connections used by notebook computer users. Additionally, all open ports in public access locations like computer labs will be switched over as well. In time, we expect to deploy Clean Access at every connection to the campus network.

Q: Why Are We Introducing this Solution Now?

A: There are dozens of medium or higher rated worms (Zotob, Blaster, Nachi, Netsky, Sobig) that infect computer systems. We feel that the best way to prevent this from happening on our campus network is to insure that virus software and OS critical update/patches are current and maintained.

A machine placed on the network now takes longer to patch than it does to be infected.

Our firewall is a reasonably effective means of protection from external threats. With the recent increase in the use of notebook computers, the bigger threat now comes from within our network itself.

Q: How Does Validation Work?

A: The validation solution will “trap” any Internet browser access and redirect the user to a web page that instructs the user to download and install the validation client known as “Clean Access”.

Once launched, the client downloads the validation rules and processes these. If the workstation fails the test, it is allowed Internet access only to the remediation sites for a period of time. Once corrected, full network access is provided and a timer is set for the connection.

Q: What is Clean Access?

A: Clean Access is the client program that can check certain security settings on any Microsoft Windows PC to make sure that the system is up-to-date with required security patches and report this status to a Clean Access Server. No information about the user or the content of user files is sent to the server. Each user must use Clean Access for his/her Microsoft Windows PC in order to authenticate and use the network.

Q: What Validation Checks are being performed?

A: The following are some examples of validation checks that can be performed:

• Check for current Windows OS Patches for Windows machines.
• Check for current Symantec virus definitions for Windows machines.

Q: How Long Do the Validation Checks Take?

A: Most of the checks using the Agent can take between 15 seconds to a few minutes. A network check using the Guest login takes about 60 seconds.

Q: What Remediation is Available?

A: Microsoft Windows Patch Failure. If the user’s system fails the check for current critical OS patches, the user is instructed to click on the URL for the Microsoft Windows update site and follow the instructions.

A: Virus definitions. If the user’s system fails the check for current virus definitions, the user is prompted to “update”. This process will then download and install the latest definitions and the user is allowed access to the campus network. Many different anti-virus software products are supported including Symantec, McAfee, and others.

Web author: Jay Field