As a student at UCLA living in the Residence Halls, I am subject to the network policies laid out by Housing for ResNet. ResNet makes use of Network Access Control in the form of Impulse Point's SafeConnect system. SafeConnect consists of a client (Policy Key) to be installed on the user's computer as well as an out-of-band enforcer which conditionally grants access to the network and the wider internet based on the Policy Key's report of compliance with the network requirements (anti-virus, current patches, etc.).
The SafeConnect Policy Key is provided for Microsoft Windows systems, though it does have a few (severely under-documented) conflicts that might cause a user to be prompted to install the Policy Key multiple times. (Searching around on Google led me to believe that this is generally caused by a firewall blocking communication between the Policy Key and enforcer, but this is by no means a definitive answer and is not provided by Impulse Point.) The Policy Key is also provided for Mac OS X.
However, users on alternative systems (such as Linux) are provided no SafeConnect Policy Key client. Instead, the system prompts the user to sign in with his or her organization credentials (e.g. some university or corporate logon). In one sense, this is an advantage, since there is no native client possibly collecting and reporting sensitive information. However, this method also seems like it has issues; in two instances I have been completely unable to access the authentication page and a person with administrator access had to manually give me access to the internet. Unfortunately, this means that users with Linux systems cannot reliably access the network/internet without administrator intervention. In a school this large, I cannot be the only student who uses Linux as my primary operating system, and thus I cannot be the only person to experience this problem. The ResNet staff are currently looking into the issue (I hope).
Other issues with SafeConnect are discussed in an article concerning bypassing SafeConnect.
On campus (not in the dorms), authentication is provided either by a Blue Socket portal or VPN. All on-campus wireless access points named UCLAWLAN provide no internet access until a user is authenticated, either through the portal or a VPN. SafeConnect, however, provides no special provisions for VPN connections and blocks all access until it is satisfied. If SafeConnect allowed users to connect to a VPN without the Policy Key, it could serve as a temporary solution.
F1RST!
And this weekend