Residential Networking
Phone: (831) 459-4638
CCA Home > Announcement
What is Clean Access and What do I do?
Background: Nearly all network outages or brown-outs experienced in ResNet are the result of virus-infected or severely compromised student PCs accessing the network. As a result, it has become necessary for the University to implement a network security system in order to minimize the risk posed by students who connect infected PCs to the campus network. |
User authentication simply means you need to provide proper credentials (i.e. your Cruzmail username and password) in order to gain access to the network. There are two methods for entering this information: Web login and Clean Access Agent.
Open any web browser, such as Internet Explorer, Safari, Firefox, Opera, etc. If your network settings are configured properly, you should be automatically redirected to the authentication page:
If you don’t know your Email username or password call the ITS HelpDesk at x9-4357 to reset it.
Web Login is the user authentication method for all non-Windows based computers. Users running Windows 98 or higher are required to authenticate using the Clean Access Agent.
If you are running Windows 98 or higher, you will be directed to install the Clean Access Agent. For Windows users, the Agent will now be the method for authenticating.
Click Download Clean Access Agent button. Although you can choose to open the file directly, we recommend saving it to your hard drive so you can re-install at a later time, if necessary.
Once the Agent installer is saved, double-click to install. Following the wizard installation instructions should only take a minute or two.
Once Clean Access Agent is installed, the login window will appear automatically whenever your computer attempts to access the network. Enter your UCSC Email UserID and password and click Login. (Note: The authentication provider should be ResNet.)
If the Clean Access Agent log in window doesn't appear automatically, you probably have an installed firewall (e.g. Norton Internet Security) preventing the window from popping up. To bypass this problem, modify your firewall rules to allow Clean Access Agent (port 8905). The method for modifying the rules vary depending on the firewall you're running.
After you successfully log into the system, Clean Access checks your computer for vulnerabilities to make sure it meets the necessary security requirements for connecting to the network. Only compliant computers are granted full network access. Each Monday your machine will be revalidated to ensure compliance.
What are the requirements for accessing the network?
It's possible that the minimum requirements may vary from time to time in order to remain proactive in preventing new viruses and trojans from infiltrating the network. All students are accountable for keeping their computer updated with current antivirus software and all operating system security patches. Here are the current and planned specific requirements that Clean Access checks:
Windows XP Current requirements:
- Clean Access Agent
- Automatic Updates enabled and set to "Download and prompt..."
- All Windows Critical updates through SP2
- Up-to-date Antivirus software McAfee (Provided to all UCSC students at no charge), Symantec/Norton or TrendMicro
Windows 2000 Current requirements:
- Clean Access Agent
- Automatic Updates enabled and set to "Download and prompt..."
- All Windows Critical updates through SP4
- Up-to-date Antivirus software McAfee (Provided to all UCSC students at no charge), Symantec/Norton or TrendMicro
Windows ME/98 Current requirements:
- Clean Access Agent
- All Windows Available Critical updates
- Up-to-date Antivirus software McAfee (Provided to all UCSC students at no charge), Symantec/Norton or TrendMicro
Macintosh Current requirements: Web Login
Linux Current requirements: Web Login If no vulnerabilities are found, your computer is considered compliant and is granted full network access. If vulnerabilities are found, your computer is moved into remediation.
If your computer fails the vulnerability assessment, it is moved into remediation, and you are provided with directions for fixing/patching it. You are given temporary network access in order to download any necessary software. Clean Access makes the distinction between REQUIRED and OPTIONAL software.
Required software must be installed before your computer will be granted network access. If your computer is missing required software, you'll see a message like this:
Click the Go To Link (or Download) button to download and install the required software. Because this is required, you must correct the problem before full network access is granted.
At times, Clean Access may notify you of optional software your computer is missing. If your computer is missing optional software, you'll see a message like this:
In this example, the message does NOT mean you need to install Microsoft AntiSpyware in order to gain network access. If you are already running AntiSpyware tools, simply click Next in order to gain access to the Internet.
If you'd like to download and install the optional software, click the Go To Link (or Download) button.
Removing the Clean Access Agent
By Fall 2005, the Clean Access Agent will be required in all residential buildings on campus except FSH. If you connect your computer to the Internet somewhere else the Clean Access Agent is not required and simply will not appear. However, if you move off-campus and no longer need to connect your computer to ResNet, you'll probably want to remove the Clean Access Agent. To do so, go to Start -> Control Panel -> Add or Remove Programs. Select Clean Access Agent and click Remove.