What is Clean Access and What do I do?

Clean Access is a network security system that checks weekly for vulnerabilities on machines connected to the UCI Residential Network. All student workstations must pass these checks to get online.

Please follow these steps to gain network access:

User Authentication
1. Web Login
2. Clean Access Agent
Vulnerability Assessment
Remediation
1. Missing REQUIRED Software
2. Missing OPTIONAL Software
Removing the Clean Access Agent

FlowChart

Background: Nearly all network outages or brown-outs experienced in ResNet are the result of virus-infected or severely compromised student PCs accessing the network. As a result, it has become necessary for the University to implement a network security system in order to minimize the risk posed by students who connect infected PCs to the campus network.

User Authentication

User authentication simply means you need to provide proper credentials (i.e. your UCI Email username and password) in order to gain access to the network. There are two methods for entering this information: Web login and Clean Access Agent.

Web Login

Open any web browser, such as Internet Explorer, Safari, Firefox, Opera, etc. If your network settings are configured properly, you should be automatically redirected to the authentication page:

Web Login is the user authentication method for all non-Windows based computers. Users running Windows 98 or higher are required to authenticate using the Clean Access Agent.

Clean Access Agent

If you are running Windows 98 or higher, you will be directed to install the Clean Access Agent. For Windows users, the Agent will now be the method for authenticating.

3.5.10

Click Download Clean Access Agent button. Although you can choose to open the file directly, we recommend saving it to your hard drive so you can re-install at a later time, if necessary. If you would like to install the Clean Access Agent before you arrive, click here.

Once the Agent installer is saved, double-click to install. Following the wizard installation instructions should only take a minute or two.

Once Clean Access Agent is installed, the login window will appear automatically whenever your computer attempts to access the network. Enter your UCINetID and password and click Login. (Note: The authentication provider should be UCINetID Logon.)

agent8

If the Clean Access Agent log in window doesn't appear automatically, you probably have an installed firewall (e.g. Norton Internet Security) preventing the window from popping up. To bypass this problem, modify your firewall rules to allow Clean Access Agent (port 8905). The method for modifying the rules vary depending on the firewall you're running.

Top of page

Vulnerability Assessment

After you successfully log into the system, Clean Access checks your computer for vulnerabilities to make sure it meets the necessary security requirements for connecting to the network. Only compliant computers are granted full network access. Each Monday your machine will be revalidated to ensure compliance.

What are the requirements for accessing the network?

It's possible that the minimum requirements may vary from time to time in order to remain proactive in preventing new viruses and trojans from infiltrating the network. All students are accountable for keeping their computer updated with current antivirus software and all operating system security patches. Here are the current and planned specific requirements that Clean Access checks:


Windows XP	Current requirements: Clean Access Agent 4.0.0.0 Automatic Updates enabled and set to "Download and prompt..." All Windows Critical updates through SP2 Up-to-date Antivirus software McAfee (Provided to all UCI Housing Residents at no charge), Symantec/Norton or TrendMicro

Windows 2000	Current requirements: Clean Access Agent 4.0.0.0 Automatic Updates enabled and set to "Download and prompt..." All Windows Critical updates through SP4 Up-to-date Antivirus software McAfee (Provided to all UCI Housing Residents at no charge), Symantec/Norton or TrendMicro

Windows ME/98	Current requirements: Clean Access Agent 4.0.0.0 All Windows Available Critical updates Up-to-date Antivirus software McAfee (Provided to all UCI Housing Residents at no charge), Symantec/Norton or TrendMicro

Macintosh	Current requirements: Web Login

Linux	Current requirements: Web Login

If no vulnerabilities are found, your computer is considered compliant and is granted full network access. If vulnerabilities are found, your computer is moved into remediation.

Top of page

Remediation

If your computer fails the vulnerability assessment, it is moved into remediation, and you are provided with directions for fixing/patching it. You are given temporary network access in order to download any necessary software. Clean Access makes the distinction between REQUIRED and OPTIONAL software.

Missing REQUIRED Software

Required software must be installed before your computer will be granted network access. If your computer is missing required software, you'll see a message like this:

ann4

Click the Go To Link (or Download) button to download and install the required software. Because this is required, you must correct the problem before full network access is granted.

Top of page

Removing the Clean Access Agent

By Fall 2005, the Clean Access Agent will be required for all computers connected to the UCI Residential Network. If you connect your computer to the Internet somewhere other than in ResNet, the Clean Access Agent is not required and simply will not appear. However, if you move off-campus and no longer need to connect your computer to ResNet, you'll probably want to remove the Clean Access Agent. To do so, go to Start -> Control Panel -> Add or Remove Programs. Select Clean Access Agent and click Remove.

Top of page

Temporal Agent

Cisco is currently developing a version of the CCA Agent which does not require installation on the client computer to authenticate. This release is highly anticipated and forthcoming in the last quarter of 2006.

Top of page