The Kutztown University residence hall network (ResNet) utilizes the Cisco Clean Access® network access control system in providing Internet access to all student-owned computers. The main features of this system include user authentication, vulnerability assessment and remediation. In short, the system requires students to log in and checks PCs for requisite software and potential vulnerabilities before granting full network access. Here's the basic flow:
If you own a compliant PC, you must simply provide your KU email user id and password in order to gain network access. If you own a non-compliant PC, you are provided online instructions for obtaining the necessary fix/update in order to make your computer compliant.
Although accessing the network via Cisco Clean Access is a simple and self-explanatory procedure for most students, a detailed description of the process follows.
User authentication
User authentication simply means you need to provide proper credentials (i.e. your KU email user id and password) in order to gain access to the network. There are two methods for entering this information: Web login and Clean Access Agent.
Web Login
Open any web browser, such as Internet Explorer, Safari, Firefox, Opera, etc. If your network settings are configured properly, you should be automatically redirected to the authentication page (at right).
Once you have read and understand the Network Acceptable Use Agreement, enter your KU email user id and password and click Continue (use kutztownLDAP or kutztownLDAP_2 as the provider). The system will tell you if you enter an incorrect user id and/or password.
| Note: |
|---|
| Web login is the user authentication method for all Macintosh and Linux computers. Windows PCs are required to authenticate using the Clean Access Agent (See Clean Access Agent instructions below). |
Forgot your user id or password?
If you forgot or don't know your KU email user id or password, click the Guest Access button on the authentication screen. This redirects you to the account activation screen where you can activate y our KU email account and/or enter a new password.
Clean Access AgentIf you have a Windows PC, you need to install the Clean Access Agent and use it to log in. To obtain the agent, log into the network using the web login method. You'll automatically be redirected to the Clean Access Agent Download page.
Click the Download Clean Access Agent button. Although you can choose to open (i.e. install) the file directly, we recommend saving it to your hard drive so you can re-install at a later time, if necessary.
After the CCAAgent_Setup installer is saved, double-click to install and simply follow the wizard installation instructions. The entire process should only take a minute or two.
Once Clean Access Agent is installed the login window will appear automatically whenever your computer attempts to connect to the network. Enter your KU email user id and password and click Login. (Note: Select kutztownLDAP or kutztownLDAP_2 as the authentication provider.)
| Note: |
|---|
| If, after installation, the Clean Access Agent login window doesn't appear automatically, you probably have an installed firewall (e.g. Norton Internet Security) preventing the window from popping up. To bypass this problem, modify you firewall rules to always permit Clean Access Agent (port 8905). The method for modifying the rules varies depending on the firewall you're running. The firewall built into Windows Vista/XP (default settings) does not block the Clean Access Agent login window. |
Vunerability assessment
After you successfully log into the system, Clean Access checks your computer for vulnerabilities to make sure it meets the necessary security requirements for connecting to the network. Only compliant computers are granted full network access.
What are the requirements for access the network?
It's possible that the minimum requirements may vary from time to time in order to remain proactive in preventing new viruses and trojans from infiltrating the network. Here are the current specific requirements that Clean Access checks.
If no vulnerabilities are found, your computer is considered compliant and is granted full network access. If vulnerabilities are found, your computer is moved into remediation.
Remediation
If your computer fails the vulnerability assessment, it is moved into remediation, and you are provided with directions for fixing/updating it. You are given temporary network access (to limited sites) in order to download any necessary software. Clean Access makes the distinction between REQUIRED and OPTIONAL software.
Missing REQUIRED Software
Required software must be installed/configured before your computer is granted network access. If you computer is missing required software, just follow the on-screen directions and click the Go To Link (or Download) button. Depending on the requirement, you'll either need to download and install required software or simply adjust your current settings. Because this is a mandatory requirement, you must install/configure the software properly before full network access is granted.
Missing REQUIRED Software
Required software must be installed/configured before your computer is granted network access. If you computer is missing required software, just follow the on-screen directions and click the Go To Link (or Download) button. Depending on the requirement, you'll either need to download and install required software or simply adjust your current settings. Because this is a mandatory requirement, you must install/configure the software properly before full network access is granted.
Missing REQUIRED Antivirus Update
If your computer isn't running the latest virus definitions, Clean Access non only makes you aware, it also updates the virus definitions for you. Just click the Update button to automatically launch the antivirus update. Once the antivirus software is successfully updated, you can click the Next button to continue logging in.
Clean Access works with many different antivirus software vendors. Click here for a complete list of approved antivirus software.
| Important: |
|---|
| If you experience problems updating your antivirus software via the Update button, try updating directly from your antivirus program. The timer located in the upper-right corner of the Agent login window shows exactly how long you have access to all the approved antivirus vendor sites. |
Removing Clean Access Agent
The Clean Access Agent is required in all residence halls on campus. If you connect your computer to the campus network somewhere other than in a residence hall, the Clean Access Agent is not required and simply will not appear.
Once you leave campus, you'll probably want to remove the Clean Access Agent. To do so, from the Start menu select Programs, Cisco Systems, Cisco Clean Access, Uninstall Clean Access Agent.