Technology@Wooster

Last summer, IT implemented a network access control (NAC) system in all student residential spaces.  The NAC is designed to prevent computers that are infected with viruses or worms and computers that are vulnerable to such infections from connecting to the campus network.  This will prevent the spread of infection and help to ensure that the campus network and other IT resources operate effectively.

When students arrived on campus at the beginning of the fall semester and plugged a computer into a network jack, the NAC required that the student authenticate and register the computer. Following registration, a software agent was installed on the student’s computer. This agent scanned the computer for infection and vulnerabilities. If infections or vulnerabilities were detected, the student was directed to the appropriate IT resource for assistance. During that initial semester of the NAC’s operation, infected or vulnerable computers were not prevented from accessing the campus network. This was done to promote a smooth implementation of the NAC. From now on, student computers found to be infected or vulnerable to infection will be prevented from accessing the campus network. Students with infected or vulnerable computers will be directed to the appropriate resource for assistance.

Additional information about the NAC can be found in the following locations. Questions about the NAC should be addressed to the student help desk at xHELP (x4357).

• Network Access Control Set to Debut
• Network Access Control Implementation Set
• Network Services & Wireless Networking

Over the course of Thursday and Friday, September 13th and 14th, the College experienced intermittent network difficulties. These difficulties impacted access to resources on the campus network as well as resources on the internet. These problems were tracked to a small number of personal computers infected with some type of virus. The virus was, in each case, generating a tremendous amount of network traffic. This traffic significantly degraded network performance. These computers were removed from the network at approximately 5:00 Friday afternoon. Following the removal network performance returned to normal. IT hopes to examine the infected machines to ascertain the nature of the infection. We regret any inconvenience the network difficulties may have caused.

As announced back in November, IT will implement a network access control (NAC) solution in all student residential spaces effective with the beginning of the 07-08 academic year. The NAC is designed to prevent computers that are infected with viruses or worms and computers that are vulnerable to infection from connecting to the campus network. This will prevent the spread of infection and help to ensure that the campus network and other IT resources operate effectively.

When students arrive on campus and plug a computer into a network jack, the NAC will require that the student authenticate and register the computer. Following registration, a software agent will be installed on the student’s computer. This software agent will scan the student’s computer for infection and vulnerabilities. If infections or vulnerabilities are detected, the student will be directed to the appropriate resource for assistance. During the first two weeks of the fall semester, student computers found to have infections or vulnerabilities will still be allowed to connect to the campus network. Thereafter, network access will be denied to such computers until the infections or vulnerabilities are addressed. Students bringing multiple computers to campus will have to register each machine individually.

Gaming devices and IP telephones are permitted on the network, but require setup by IT. To initiate this setup, send an email with the device type and the device’s MAC address to it-nac@wooster.edu. Setup should be complete within two business days. Hubs, routers, switches and wireless access points will not function on the network. Questions can be addressed to the student help desk at xHELP (x4357).

Over the weekend there was a tremendous spike in the amount of spam email arriving on campus. This spike taxed our servers and essentially halted the delivery of outgoing email. Messages were enqueued - they were not lost - and normal delivery has now resumed. We expect that the backlog of messages will be cleared sometime early this afternoon.

Last week 1.9 million email messages arrived on campus.

In the summer of 2007, IT will implement a network access control (NAC) solution in all student residential spaces. The NAC is designed to prevent computers that are infected with viruses or worms, and computers that are vulnerable to infection, from connecting to the campus network. This will prevent the spread of infection and help to ensure that the campus network and other IT resources operate effectively.

When students arrive on campus for next academic year and plug a computer into a network jack, the NAC will require that they authenticate. Following authentication the computer will be scanned for infection and vulnerabilities. If infections or vulnerabilities are detected, the computer will be denied network access and the student will be provided with information as to the nature of the problem, the steps required to remedy the problem, and where to obtain assistance.

To test the NAC and to gain experience with it, IT will implement this new service within our own offices prior to deployment in the residential spaces. This will help to ensure a smooth implementation for students. The NAC will replace the computer registration process that went into effect at the beginning of this academic year.

Additional information about the NAC and its implementation will be published on the IT blog as it becomes available.