< Back to LISTSERV archives

NETMAN@LISTSERV.EDUCAUSE.EDU


View:

:

[

|

Previous Message

|

Next Message

|

]

:

[

|

Previous Message

|

Next Message

|

]

:

[

|

Previous Message

|

Next Message

|

]

:

Proportional Font

LISTSERV Archives

LISTSERV Archives

NETMAN Home

NETMAN Home

NETMAN  2014

NETMAN 2014

Subject:

Re: Non-Cisco NAC/ISE

From:

Chuck Anderson <[log in to unmask]>

Reply-To:

The EDUCAUSE Network Management Constituent Group Listserv <[log in to unmask]>

Date:

Thu, 6 Mar 2014 12:41:40 -0500

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (24 lines)

Agreed here.  We don't plan to do any kind of posture checking.  The
way we are using NAC is to provide convenience and better service to
our users, placing them on the correct VLAN automatically so they can
get to the registration portal or remediation page, etc.  It also
allows us to use RADIUS accounting to provide hard start/stop times
for Information Security purposes.

On Thu, Mar 06, 2014 at 03:44:11PM +0000, Peter P Morrissey wrote:
> One point of view that I did not see mentioned is the concept just eliminating NAC posture checking. In our case we use 802.1x for user tracking on our wireless network and leave the wired ports in their rooms open since we know where they live.
> 
> I haven't seen anyone quantify any benefits for doing NAC posture checking, but maybe I missed that.
> 
> Our experience is that it is expensive to purchase, support and maintain with really no benefits.
> 
> On top of the support issues, our users suffer pain not just installing but all of the unexplained page displays, exceptions not working etc. The scary thing was that we didn't know about some of the problems until we started having conversations with students who just lived with it and didn't want to deal with calling a help desk. And, our vendor was unable to give us stats that accurately monitored these problems. For us the quality of experience of the students is very important, so we had a hard time with this.
> 
> We turned it off two years ago, and have not noticed a problem. We now spend less money, our engineers have more time, we spend less time considering the NAC in our planning meetings, and our students have less issues than ever.
> We realized that the students on our network grew up using computers on various ISP's who did not require NAC and they and their ISP's learned to survive just fine.
> We had issues with malware etc while we were doing full blown NAC for every device on our wireless network with up to date AV, firewalls turned on and Windows Update. We still have those problems but they are no worse. Maybe it is because the OS's have a lot of these settings on by default now and nag you when you don't? Maybe it is because a lot of the problems that occur on computers are not preventable by having posture settings set up correctly?
> 
> Pete Morrissey

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Top of Message | Previous Page | Permalink


Options

Log In

Log In

Get Password

Get Password


Search Archives

Search Archives


Join or Leave NETMAN

Join or Leave NETMAN


Archives

2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998

ATOM RSS1 RSS2