Tuesday, January 31, 2006

Cisco Clean Access, Minor Issue

Just noticed today that I couldn't send mail to the school's SMTP server. Gave a call to the student help desk, as the email connection information had recently changed, just to be greeted by Evan, and he attempted to help me configure Thunderbird to send the mail, but it continued to refuse to send the mail. I disconnected from the wired network, and also Clean Access, and connected to the wireless network in Black Forest. After this, the email sent flawlessly. Connected back again to the wired, Clean Access, and once again, it refused to send (a test message).

Cisco Clean Access, What does it know?

Just playing around with the properties of the agent and noticed a list of detected products:

1. Product Type : Anti-Spyware (JavacoolSoft)
Product Name : SpywareBlaster v3.4
Product Ver. : 3.4.0
Def Ver. :
Def Date : 10/4/2005

2. Product Type : Anti-Spyware (Lavasoft)
Product Name : Ad-Aware SE Personal
Product Ver. : 1.06
Def Ver. :
Def Date : 9/6/2005 3:46:30 PM

3. Product Type : AntiVirus (NortonAV)
Product Name : Symantec AntiVirus
Product Ver. : 9.0.14
Def Ver. : 1/25/2006 rev. 7
Def Date : 1/25/2006

4. Product Type : Anti-Spyware (SpyBot)
Product Name : Spybot - Search & Destroy 1.4
Product Ver. : 1.4
Def Ver. :
Def Date : 9/9/2005


Interesting that 75% of this stuff has old defs.
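Added example, not part of the original post and not Cisco's code: a parser for the agent's product list above that works out which definition dates are old as of the post date. The 30-day cutoff is an assumed policy, not something the agent reports.

```python
import re
from datetime import date, datetime
# Product list as shown in the agent properties in the post.
AGENT_REPORT = """\
1. Product Type : Anti-Spyware (JavacoolSoft)
Product Name : SpywareBlaster v3.4
Product Ver. : 3.4.0
Def Ver. :
Def Date : 10/4/2005
2. Product Type : Anti-Spyware (Lavasoft)
Product Name : Ad-Aware SE Personal
Product Ver. : 1.06
Def Ver. :
Def Date : 9/6/2005 3:46:30 PM
3. Product Type : AntiVirus (NortonAV)
Product Name : Symantec AntiVirus
Product Ver. : 9.0.14
Def Ver. : 1/25/2006 rev. 7
Def Date : 1/25/2006
4. Product Type : Anti-Spyware (SpyBot)
Product Name : Spybot - Search & Destroy 1.4
Product Ver. : 1.4
Def Ver. :
Def Date : 9/9/2005
"""
FIELD = re.compile(r"^(?:\d+\.\s*)?(Product Type|Product Name|Product Ver\.|Def Ver\.|Def Date)\s*:\s*(.*)$")

def parse_products(text):
    products = []  # one dict per numbered entry; "Product Type" starts a new one
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m and m.group(1) == "Product Type":
            products.append({})
        if m and products:
            products[-1][m.group(1)] = m.group(2).strip()
    return products

def parse_def_date(value):
    for fmt in ("%m/%d/%Y %I:%M:%S %p", "%m/%d/%Y"):  # the agent prints both forms
        try:
            return datetime.strptime(value, fmt).date()
        except ValueError:
            continue
    return None  # missing or unparseable date

def stale_products(products, as_of, max_age_days=30):  # cutoff is an assumption
    return [p["Product Name"] for p in products
            if (d := parse_def_date(p.get("Def Date", ""))) is None
            or (as_of - d).days > max_age_days]
```

Run with `as_of=date(2006, 1, 31)`, the date of the post, three of the four products come back as stale.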

Cisco Clean Access, Day 1

I volunteered to help ITS beta test Cisco Clean Access on the network. Over the weekend, I emailed away my dorm port number so it could be switched to the Clean Access network. I also sent the MAC of my tower, as I didn't want to have to deal with that and Clean Access.

Last week, a couple of us 'volunteers' were shown basically how Clean Access should work, as demonstrated in 207a on a college-owned laptop. Seemed simple enough.

Monday morning, while I was still procrastinating the fact that I had to get up for classes, my port was switched over. At the time, my laptop was running Dapper (early release of Ubuntu 6.04, due out in April). I woke up, and while waiting for the return of hot water, opened a web browser and was immediately redirected, as expected, to the verification process for Clean Access. At this point, I was prompted to enter my username and password, and select that I was a student, rather than faculty. I was then prompted with a simple agreement of the Clean Access process (sure you can check my computer for security issues). Hit 'Agree' and was then granted access to the network (after a short port scan).

That all went according to plan, but then I had to reboot into Windows. I shut down Dapper, and resumed Windows from hibernation. Windows then got its new IP address, just as Dapper did earlier (same IP address), and I was back online. No port scan, virus software check, or verification of the latest Windows updates.

My last class of the day required me to have my laptop with me (although I only ended up taking notes on it for that class). Upon returning to my dorm, and resuming Windows, I had to once again open a web browser in order to gain access to the network. This time, in addition to the login and agreement, I am prompted to download and install the 'Clean Access Agent'. I follow through, as I was shown last week. Once installed, I once again have to enter my username and password in order to gain access. The agent, I'm told, checks for up-to-date antivirus software and Windows updates, in addition to receiving a port scan. I am back online. Later, when my computer is idling, I notice that the Clean Access Agent is second on the list for most memory used (after explorer.exe, but what would you expect from explorer.exe?)

Now I get to the fun part, tricking the system. (Hey, they need this thing tested, right?) First thing I do is exit the agent (thus closing my session on the network) and open Firefox, add a new entry to the user agent switcher extension. Now my user agent, as far as the world knows, is "Linux", just that, nothing more, nothing less. I now let the redirection occur, and I am asked to log in at the website. I log in and get access immediately, because I'm not "Windows", complete with a 'you are in' page. I guess that is how someone with an illegal copy of Windows could get on the network if Microsoft won't let them get updates, or if they don't want to install antivirus software.
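Added example, not part of the original post and not Cisco's code: a review pass over portal login records that flags web logins admitted as non-Windows on the strength of the User-Agent alone, as in the test above. The record format, MAC addresses (documentation range) and User-Agent strings are constructed for illustration.

```python
import re

# Constructed portal login records (hypothetical format, not a Clean Access log):
# (time, MAC, path, User-Agent); path "agent" = Clean Access Agent, "web" = browser only.
FIREFOX_LINUX = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
EVENTS = [
    ("2006-01-30T08:10", "00:00:5e:00:53:01", "web", FIREFOX_LINUX),
    ("2006-01-30T09:00", "00:00:5e:00:53:02", "web",
     "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"),
    ("2006-01-30T12:00", "00:00:5e:00:53:03", "agent", "-"),
    ("2006-01-30T16:05", "00:00:5e:00:53:04", "agent", "-"),
    ("2006-01-30T21:40", "00:00:5e:00:53:04", "web", "Linux"),
    ("2006-01-30T23:00", "00:00:5e:00:53:03", "web", FIREFOX_LINUX),
]
BROWSER_UA = re.compile(r"^(Mozilla|Opera)/\d+\.\d+ \(")  # shape real browsers send
ODD_UA = "User-Agent is not shaped like a browser's"
RAN_AGENT = "same MAC logged in through the Windows agent earlier"

def review_logins(events):
    """Flag web logins that were let in as non-Windows on the User-Agent alone."""
    ran_agent, findings = set(), []
    for ts, mac, path, ua in sorted(events):  # ISO timestamps sort chronologically
        if path == "agent":
            ran_agent.add(mac)
            continue
        if "Windows" in ua:
            continue  # portal requires the agent here, so no check was skipped
        reasons = []
        if not BROWSER_UA.match(ua):
            reasons.append(ODD_UA)
        if mac in ran_agent:
            reasons.append(RAN_AGENT)  # may be a legitimate dual-boot: review, not block
        if reasons:
            findings.append((mac, ts, reasons))
    return findings
```

Both signals are hints for review rather than proof, since the User-Agent is whatever the client chooses to send and a dual-boot machine legitimately shows up under both paths.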

Now on to the fun part: problems. I already mentioned having to run, and keep running, the agent; there is also the issue coming from dual-booting/virtual machines. In order to obtain access, a user must open a web browser, but what if you don't have a web browser? I know you are thinking, "everybody has a web browser, sure it may be a POC Microsoft Internet Explorer, or something a million times greater, Mozilla Firefox." This isn't always the case. Now you are thinking, "ok, so you don't have a web browser, tell me again why you need access to the network?" If someone is installing a distro of Linux, many times it will need to access the Internet in order to get needed files or updated files, all during the install process. If that machine isn't cleared for access, the install will either fail, or, more likely, be greatly lessened. When I was running Dapper tonight, a few times I booted into Dapper and tried to have it check for updates, and got long listings of errors because I hadn't opened a web browser and logged in yet since I started it. I had to log in both in a Virtual PC install of Dapper and in a full boot of Dapper.

Another issue that I encountered was that I am unable to access any webserver hosted anywhere else on Resnet. My server, now on the Clean Access program, was, however, able to be accessed from elsewhere on Resnet, in addition to from my laptop.

This ends Day 1. Stay tuned for Day 2, when I ask about the issues that I have noted above.