Frequently Asked Questions
- Why has Fordham IT switched from Cisco Clean Access to Fordham Network Access Control?
- What are the benefits of Fordham NAC?
- What are the primary differences between the new Fordham NAC and the old Cisco Clean Access?
- What will the Fordham NAC process consist of?
- Why does Fordham IT require authentication and compliance for the Fordham wired & wireless networks?
- How often will users be required to authenticate and run a compliance scan?
- Who will be required to authenticate?
- In addition to computers, does this apply to other electronic devices?
- How can visitors access the Network?
Why has Fordham IT switched from Cisco Clean Access to Fordham Network Access Control?
This past year, Fordham IT underwent an evaluation of Cisco Clean Access as the University's network security appliance. Based on that evaluation, it has been identified as an area for improvement. After exploring industry best practices, we are moving forward with Fordham Network Access Control as the ideal solution for meeting the University's security needs.
What are the benefits of Fordham NAC?
Fordham NAC offers a level of security that is superior to Cisco Clean Access by enabling IT to isolate problematic machines from communicating with other devices on the Network. This guarantees that in the event that a device has been compromised, the rest of the Network will not be at risk. Additionally, Fordham NAC is an agent-less compliance scan process.
What are the primary differences between the new Fordham NAC and the old Cisco Clean Access?
The main difference Windows users will experience is that Fordham NAC does not require a "Clean Access Agent," or similar program, to be installed on his or her machine. The result is that the user must open a browser to begin the authentication process.
What will the Fordham NAC process consist of?
The Fordham NAC process for users consists of authenticating and running a compliance scan. The compliance scan checks the user machine for the following requirements: Windows Automatic Updates Enabled, Anti-virus Installed, and Firewall Enabled. Details outlining each procedure can be found here.
Why does Fordham IT require authentication and compliance for the Fordham wired & wireless networks?
The authentication process is required to ensure that only authorized users are accessing the University’s public networks. The compliance process is required to ensure that each individual who accesses the University public network is using a device that meets network security standards. The purpose of this is to create an environment that minimizes, if not eliminates, any potential network security threat.
NOTE: If you switch from a wired connection to wireless – or vice versa – you will be prompted to authenticate and run a compliance scan.
How often will users be required to authenticate and run a compliance scan?
Users will be required to authenticate and run a compliance scan monthly. Upon successfully authenticating and passing our required compliance scan, all devices will have full access to the public network for the duration of that month. All devices will be cleared from the system and be required to re-authenticate and pass our required compliance scan on the 1st of each month.
Who will be required to authenticate?
Anyone who attempts to access the University public network, wired and wireless, must authenticate. This of course includes Fordham students, faculty and staff. Unfortunately, alumni and applicants are NOT granted access to the University public network.
In addition to computers, does this apply to other electronic devices (ie: iPhones, Game Consoles, etc)?
Essentially, any device attempting to access the University public network will be required to authenticate. However, Fordham IT can only guarantee access for computers.
As of Fall 2012, Game Consoles can now access the Internet via their wired network adapters after they have been registered. In order to register your Game Console, please log on to My.Fordham.edu, click on the Student tab, locate the Game Console Registration channel in order to fill out and submit your Game Console's MAC address.
Other devices such as Web enabled TVs, Streaming Devices (Apple TVs, Roku, etc), and Web Enabled Blu-Ray players are currently not allowed.
How can visitors access the network?
All visitors to the University, such as vendors and conference attendees, may request guest accounts in order to authenticate and access our public network. Click here for more information.