With Expansive views of the mighty Hudson River and a campus that consistently ranks among the nation’s most beautiful, Marist College in Poughkeepsie, NY, offers students an idyllic setting for learning. Still, like every other school, Marist faces serious threats to its IT network, and its unique campus, with 49 buildings spread across 180 acres, posed special security challenges to its IT staff.
Marist has long had a policy that requires every computer be certified as network-safe before it can access the school’s network. For instance, every computer must have up-to-date versions of anti-virus software and the latest security patches for its operating system. Prior to 2008, checking and certifying computers was a manual process, said Christine Mulvey, the school's director of special telecommunications and networking projects.
"Whenever we had a new release of anti-virus software or an operating system, our IT folks would have to run around the campus getting to every computer,” Mulvey said. “We have a big campus, so when I say running I’m being literal. It was a real sneaker-net."
Back-to-school time, with its waves of new and returning students and faculty, posed special problems because every computer had to be manually checked for security compliance before it could access the network. “This was our biggest challenge for network security,” Mulvey recalled. “We were looking for ways to do that automatically.”
After investigating several potential solutions, Marist College in 2008 selected Cisco’s Clean Access, now called Cisco Network Admission Control, or NAC. The product enforces compliance with an organization’s network security policy on all devices seeking to access network computing resources. With NAC, network administrators can authenticate,
authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are compliant with the network’s security policies and repairs any vulnerabilities before permitting access to the network.
At Marist College, each time computer users attempt to log onto the school network their computers are quickly scanned by NA C. If their security software is up-to-date, they gain access to the network. If virus software or security patches need to be updated, the user is brought to a site where he or she can download and install the appropriate software. All required software is made available to students and staff at no charge.
Selecting Cisco’s system was a fairly easy decision, according to Mulvey. “First, we determined that Cisco's product came closest to meeting all our requirements,” she said. “Also, we are a 100 percent Cisco environment. It made a lot of sense for us to stay with Cisco for this because it meant there could be no finger-pointing.
Our entire network is Cisco so we know we can just go to one place if we need help with a solution to a problem. And of course the service and training we received was excellent."
Now, having used Cisco NA C during two back-to-school seasons, Marist College's technology department is ecstatic with the results - and so are the school's computer users. “For users, the whole process of checking your computer is very quick, just seconds,” Mulvey said. “Before, when our staff got back from their summer vacations they’d know that it would take quite some time to log onto our network while their computer was being scanned. They’d boot up their computer, go get a cup of coffee and hope by the time they got back they’d be on the network. Well, now it's instant, and everyone is happy."
For more information about Cisco Network Access Control, please visit www.cisco.com/go/edusecurity.