From what I've seen, most of the users who come in with no security patches installed and no AV are the "honest users" who don't know how to install updates, let alone spoof their OS. Most of our tech-savvy students know enough to keep their machine protected and up-to-date out of their desire to protect their equipment.

Michael Simpson
Network Engineer
Utah Valley University


On Jun 25, 2010, at 8:43 AM, Stelfox, Samuel G @ VTC wrote:

What's the point of using that at all then? Sure it will catch most of your users, but the ones that are smart enough to notice this and spoof their user agent will completely bypass having to install the agent. Identifying a device by the web browser's user agent doesn't seem to be any form of security. If you've already identified them using 802.1x and are allowing a loophole like this, why have it at all? It will only keep honest users honest.

Sam Stelfox
Network Administrator
Vermont Technical College
________________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [[email protected]] On Behalf Of Dennis Xu [[email protected]]
Sent: Friday, June 25, 2010 10:09 AM
To: [email protected]
Subject: [WIRELESS-LAN] Mobile devices and NAC

Just want to check how other people deal with mobile devices with NAC? We use Cisco NAC and configured "not require agent" for mobile devices, but the problem is they have to open the browser first (even if they have already been authenticated using 802.1X) to become online users in NAC before they can use any other applications (email clients, calendar, etc). Cisco NAC detects the user O/S after the user opens the browser. So no browser open, no other network connectivity. This has caused many frustrations. How do you make the mobile devices work with NAC without these pains? If you use a MAC filter to bypass NAC, how do you manage and maintain the filter list? Any suggestions are appreciated!

Dennis Xu
Network Analyst
Computing and Communication Services
University of Guelph
5198244120 x 56217

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ .
