March 26, 2009
ND-Secure/ND-Guest Discussion and Q&A
David Seidl and Dan Rousseve led the discussion.
ND-Secure
A study was performed after the corporate data loss several years ago. It was found that faculty and staff members were using unsecure wireless networking while working with university data. This is what brought about the change to ND-Secure. All Faculty and Staff should use secure wireless networking whenever possible. The unsecure Nomad network will eventually be discontinued but no definite date has been set for its demise.
The coverage profile for ND-Secure should be the same as Nomad. However, weaker signals on the edge of the coverage range may have problems because of handshaking.
There is a common misconception that ND-Secure is slower than Nomad. Testing has shown that it is not slower. Signal drops are the same as Nomad but seem to occur more often because of handshaking overhead on reconnect.
Rollout of ND-Secure is proceeding across all of campus. A&L already have over 600 clients.
Any issues should be reported to IT Security or Infrastructure Services.
Some older NIC drivers may have issues.
Windows XP users will need SP3 due to significant advances in wireless.
Vista works well.
Macs, iPod Touch, and iPhones have problems. There are ways around it and many Apple devices are working.
Students are reporting coverage issues.
Connect times vary but long times are not limited to old machines. Drivers are the key.
We are running WPA2 encryption. WEP is not an option because of security holes.
ND-Guest
The ND-Guest network is designed for devices that do not work well with ND-Secure and for true guests. ND-Guest users must use a VPN to get to campus resources. Otherwise connectivity is the same as with any public network.
Guest user requestor is being developed. We will purchase product soon.
Users can register on arrival instead of being preregistered. Service will be ready for summer conference season. Brian Burchett will test because of conference concern.
One goal is to associate access to a real user, not have computers registered to a support person.
A Clean Access agent is available that will authenticate without ActiveX. The user installs a binary on the device. The agent sits idly in the System Tray unless interaction is needed.
Agent does AD single sign-on and passes credentials to Clean Access when logging on to OS.
Agent sends OS data to server, but only when authentication happens.
Does not work with ND-Secure but will work with ND-Guest and wired connections.
If a user comes from another organization with Clean Access installed, they must use web page authentication.
There are too many differences in various NIC manufacturers' net management software packages to create a simple solution.
Dan Rousseve is the maintainer of the FAQ.
Not all connections can be secure. This is just a mechanism to add protection where possible.
A zoned network map is available on the ND-Secure web site.
Devices that need to be publicly accessible need to be put in the public service zone.
System changes should be documented so IT staff can analyze problems.
Q&A
Q. What can we do about users who are not admins of their computers?
A. Clean Access supports a fall-through ActiveX configuration for those who cannot install the Clean Access client agent. Networking is aware of the problem with users who cannot run ActiveX and is working on a solution.
Q. Is ND-Guest + VPN the same as ND-Secure?
A. Similar, but there are differences. Yes, if resources are configured to allow VPN address ranges.

