Information Technology

Clean Access is here!

Clean Access logo

Clean Access Overview
Connecting to Clean Access
Clean Access FAQs

Clean Access is one of several components of the new network designed to keep Rice computer users safe from malware, viruses, worms, hackers, and other forms of attack.The new network is a resource that Rice community members and collaborators depend upon and share. To keep this important resource viable, IT must verify that the systems, applications and devices connected to the new network are clean and entail at least a minimal level of self-protection.

When a computer --or independent device such as a PDA or game console-- connects to the Rice network and that machine is not assessed as a "safe"machine, its owner will be directed to information and resources which can be applied to bring the machine up to an acceptably safe configuration.

Rollout

As buildings are added to the new network, computers in that building will begin utilizing Clean Access.

What Clean Access does not do:

Cisco Clean Access only ensures your computer is running updated anti-virus software and that Windows updates (patches) are installed.

Like a state inspection for your car

Like the periodic state inspection for an automobile, Clean Access does not look at where you drive or how you use your vehicle. It only checks to make sure required systems or components are in place.

Instead of brakes and anti-pollution requirements, Clean Access checks for system patches and anti-virus protection.

If a car does not pass a state inspection assessment, it can be removed from public streets and highways. Similarly, a computer that does not pass the Clean Access assessment is prevented from navigating through the thoroughfares of the Rice network.

When an automobile inspector discovers a requirement that is unmet in a vehicle, he or she reports this deficiency to the owner and suggests ways to bring that element up to the required level. In the same way, Clean Access will point out missing requirements for safe network access but the computer owner is responsible for implementing the changes. Clean Access can't upgrade a computer or apply a patch; it can only identify improvements that need to occur and instruct the owner on how to do so.

Guide to connecting your gaming console

This guide will show you how to find the MAC address needed to register your machine.

What if I have more questions?

Read the Clean Access FAQ page. If that doesn't help, contact the Help Desk at 713.348.HELP(4357).

Connecting to the New Network through Clean Access

The new campus network can provide high-speed --1Gpbs (1 Gigabit per second)-- connectivity to the Internet and Rice campus resources. In addition, the new network provides access to the Internet for campus visitors while retaining a secure environment for Rice University students, faculty, and staff members.

To prevent degradation of speed and stability, all computers that attempt to connect to the Rice network must successfully pass through the Clean Access application.

Clean Access does not review any of the data on your personal computer, it only scans your operating system for current patches and checks for the presence of anti-virus software.

If your machine is running updated anti-virus and current security patches for your operating system, you will simply accept the Appropriate Use of Computing Resources policy and enter the Rice network.

Links to other Clean Access Pages:

Clean Access FAQ

Q. What is “Clean Access”?
A. Clean Access is a Cisco product which helps ensure that devices connecting to our campus network are safe and secure. It also places these devices in the correct network based upon their parameters.

Q. Who will be using it?
A. All Rice network users and our guests will use it.

Q. What will I have to do?
A. The operating system (Windows, Macintosh, Linux, etc) of the computer and your role on campus (student, staff, visitor, etc) will determine how you will access the network.

When your computer or mobile device first contacts the new network, a web page prompt will guide you through a standard process for assessing your system and authenticating your machine for network access. If your mobile device, printer, or game console does not have a screen to display this web page prompt, you can manually register this device from a computer with a web browser.

Q. How often will I have to do this?
A. The answer varies according to your role at Rice. The goal of employing a tool like Clean Access is to mitigate risk with the least possible disruption to productivity. The time span between assessments will be a balance between these two objectives (mitigating risk to the new network versus customers' low tolerance for productivity disruptions).

Currently, undergraduate students will be required to go through the process at the beginning of each semester.

Q. What is Clean Access Agent?

A. Clean Access Agent is a client application that will check certain security settings on your Microsoft Windows PC to make sure that your system is up-to-date with required security patches and report this status to the server. No personal information about you is sent to the server.

Q. What does the Clean Access Agent actually check?
A.The Clean Access Agent checks that anti-virus software should be installed, is updated, and is running periodically. It also makes sure Windows automatic updates are already ON.

The four things you need to successfully pass the check are:

Q. What anti-virus software does the Cisco Clean Access Agent support?
A. Cisco Clean Access supported anti-virus software (or clients) include:

Q. Where can I go for updates and virus protection?
A. You should keep current with Microsoft updates as well as download an antivirus program. Rice supports Trend Micro's PC-Cillin client.

Q. How does Validation work?
A. The validation solution will “intercept” any Internet browser access and redirect the user to a web page that instructs the user to download and install the validation client known as “Clean Access Agent”. Once launched, the client downloads the validation rules and processes these.

Q. How does Validation work for Linux, Macintosh, and Non-Windows users?
A. Linux, Macintosh and Non-Windows users must authenticate by logging in via a web page.

 

Q. How will I know when I am logged out of the network?
A. Indications that your network connection has been terminated are:

Q. I use a personal firewall; will this cause a problem?
A: Usually no. In most cases, a personal firewall will work fine. Depending upon the firewall product you will receive several pop-up windows requesting “ok to proceed”. Some of the personal firewalls are:

Q. What am I allowed to access when Unauthenticated or Quarantined?
A. For the most part, remediation and help sites such as windowsupdate.microsoft.com.

Q. I'm on a Macintosh or Linux machine. I've opened my browser but I am not redirected to a login page. What do I do?
A. You must try to go to a non-local site such as www.google.com.

Q. How do I know Clean Access Agent is running?
A. Look in the “System Tray” for in the lower right corner near the time display. You may need to select the “<<“to expand the list and show Clean Access Agent.

 

Thanks to Ashland University for help with this FAQ

Links to other Clean Access Pages:

 
 
 

 
  
6100 Main, Houston, Texas 77005-1827
Mailing Address: P.O. Box 1892, Houston, Texas 77251-1892
© Copyright Rice University
Page content reviewed: 4/21/2008 by Marc Scarborough. Markup: 4/21/08 by Carlyn Chatfield

Rice University Rice University Information Technology