Re: Cisco Clean Access & Impulse Point...

[Michael Cole <mcole () CLARKU EDU>]

FYI for the list:

    We've been using a product called Campus Manager to the past few years
from Bradford networks, www.bradfordnetworks.com
<http://www.bradfordnetworks.com>   they're a small start up in NH but
they've been growing and have an awesome product that sits off line and is
very flexible in what it can do based on what you want/need.  It does both
network registration and remediation/quarantine functions.  It's worth
looking into if your looking for a solution.  We've been very happy with it.

Mike

Michael A. Cole
Network Engineer, Information Technology Services
Clark University, Worcester MA  01610
508.793.7772
Mcole () clarku edu

-----Original Message-----
From: Mark Staples [mailto:mstaples () MAIL MCG EDU]
Sent: Thursday, July 14, 2005 3:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cisco Clean Access & Impulse Point...


Anyone pilot both CCA and Impulse Point ( http://www.impulse.com/
<http://www.impulse.com/> )?  Impulse Point was designed for higher ed and
is priced very attractively.  So far, we've only seen presentations and
nothing live.

Any feedback would be great.

Mark

-----
Mark Staples
Director of Information Security/Chief Information Security Officer
IT Research Liaison
Medical College of Georgia
Office: 706-721-1577
mstaples () mcg edu <mailto:mstaples () mcg edu>

--------

All information in the communication, including attachments, is strictly
confidential and intended solely for delivery to the addressee(s) identified
above (ie, To/cc/bc), and may contain privileged, confidential, proprietary
and /or intellectual property entitled to protection from disclosure under
applicable law.  If you are not the intended recipient, please take note
that any use, distribution or copying of this communication is unauthorized
and may be unlawful.  If you have received this communication in error,
please notify the sender, delete this correspondence from your computer, and
destroy any printed copies of this communication.

> > > franklin () TXSTATE EDU 07/14/05 3:13 PM >>>

This is a response from our network lead who implemented CCA a month or
so ago:

I got tired of trying to keep up with the IP's used for windows update.
Using the host names is much better, but even then it's a moving target.
Microsoft sometimes adds new sub domains and in the latest version of
the update page it's a url under microsoft.com.

We are allowing traffic to everything ending in microsoft.com and
g.msn.com. That way the updates always work (so far) and students can
search for and download patches manually. There are cases when windows
update claims that a machine is fully patched but it is still missing
something. The helpdesk can tell what's missing from the reports and the
student can search for KBxxxx and download and install it manually.

Anders Engle
Systems Programmer I
Texas State University

-----Original Message-----
From: Flagg, Martin D. [ mailto:FlaggMD () HIRAM EDU]
<mailto:FlaggMD () HIRAM EDU]>
Sent: Thursday, July 14, 2005 1:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Windows Updates and Cisco Clean Access


We are implementing Cisco Clean Access (formally Perfigo).  It has gone
really well but we keep coming up with problems with Windows Update, it
fails because CCA is blocking the IP.  When this happens, I use a
sniffer and add the new IP address that Microsoft is using and then it
works, until they change address's again.  Cisco says use the Host
setting allowing requests that end in "update.microsoft.com".  This does
not always work.

I am really at a loss because it works for 95% of the machines but I can
not afford to have 5% of the students in my office when they get back
from the summer.

Any Ideas?

Martin Flagg
Hiram College