CCA Home > Clean Access Agent FAQ

Key Terms

  • Network Access Procedure: The process of authentication and validation of your computer required for university network access.
  • Authentication: The process of verifying your access to the network by confirming your username and password and associating it with your computer.
  • Validation: The process of confirming that certain security measures are in place on your computer.
  1. Q: What is Clean Access?

    A: Clean access is a solution provided by Cisco, Inc. that performs network validation. The software performs the following functions:

    • Require authentication to the network
    • Validate whether the system connecting to the network meets the minimum security standards.
    • Quarantines the system until it meets the minimum security standards.
    • Provides access to the remediation sites.
    • Once the system is validated as "clean," allows access to the network.

    Top of page

  2. Q: What Networks Require Validation?

    A: All residence halls, and all wireless connections will require validation.

    Top of page

  3. Q: Why Did We Introduce This Solution?

    A: Each semester, student machines are introduced to the campus that potentially contain harmful viruses and malware. On move-in weekend in particular, worms and viruses attempt to spread to unpatched/vulnerable machines. The college has determined that the best way to prevent this from happening is to insure that virus software and Operating System critical update/patches are current and maintained.

    Top of page

  4. Q: How Does Validation Work?

    A: This solution will redirect any Internet browser request to a web page that instructs the user to download and install the validation client known as the Cisco Clean Access Agent. Once launched, the client downloads the validation rules and processes them. If the workstation fails the test, it is allowed Internet access only to the remediation sites for a period of about 60 minutes. Once corrected, full network access is provided.

    Top of page

  5. Q: What is the Clean Access Agent?

    A: Clean Access Agent is the client application that can check certain security settings on any Microsoft Windows PC to make sure that the system is up-to-date with required security patches and report this status to the Clean Access Server. No information about the user or the content of user files is sent to the server. Each user must use Clean Access Agent for his/her Microsoft Windows PC in order to authenticate and use the university network.

    Top of page

  6. Q: What Validation Checks are Being Performed?

    A: See the Network Authentication Requirements page for a complete list

    Top of page

  7. Q: How Long Do the Validation Checks Take?

    A: The checks take between 15 and 30 seconds.

    Top of page

  8. Q: What is the Process for Changing the Minimum Security Requirements?

    A: As new critical Microsoft updates become available, the security requirements will be updated to reflect the new patches. Typically, we will not immediately set the validation check for the new patches, but put the updates out on the College's interal update server for college owned machines to update. Then a week after that, the new patches are made validation checks. That means that generally two weeks after microsoft publishes a patch, it will be made a requirement If a vulnerability is reported or the threat of a virus storm or worm attack emerges, we will update the validation check immediately in reaction to the threat.

    Please note that we may cancel all network connections for a particular subnet in response to an attack. We will only resort to these actions in very urgent conditions.

    Top of page

  9. Q: How Often Will I Be Revalidated?

    A: We plan to configure the validation timer for every 7 days, early Sunday morning.

    Top of page

  10. Q: How Does Validation Work for Macintosh Users?

    A: Currently Macintosh users must authenticate by logging in via a web page. At this point there is no client which is downloaded to Macintosh systems. The network connection timer is set for Macintosh systems; however, there is no icon that can be right-clicked to logout and subsequently login again.

    Top of page

  11. Q: How Does Validation Work for Linux Users?

    A: Linux users must authenticate by logging in via a web page. There is no client which is downloaded to Linux systems. The network connection timer is set for Linux systems; however, there is no icon that can be right-clicked to logout and subsequently login again.

    Top of page

  12. Q: What About Xboxes, PlayStations, etc.?

    A: Please email the MAC Address of the console to resnet@bridgew.edu. Within two days, your console will be placed in the Gaming Role. The Gaming Role provides network access to console related services ONLY (i.e. if your register your PC for this role you won't have web, email or IM services). Please visit the game console page for more information on how to obtain your MAC address.

    Top of page

  13. Q: What If I forget My Password?

    A: Authentication Failure. If a user's systems fails authentication, the user is instructed to provide the correct username and password. If you have forgotten your password, visit the password reset portal to try and reset your password. If you have not registered in the password reset portal, you may contact IT Support Services at 508-531-2555 or via email at itsupport@bridgew.edu.

    Top of page

    Last Modified: August 13, 2008