Brad Kramer ventured to comment, at 10/18/06 1:01 PM:
> That being the case, I think it is prudent to mention that my interpretation
> of clean access is not a security tool, but rather a remediation tool.
> I personally don¹t care if a computer savvy student bypasses the agent
> install. They are probably capable of making sure their machine is patched
> and virus free.
> 
> That ³script² still does the only thing I care about for all computers, and
> that is tying a username to a mac address. IMHO that is the only true
> security function of CCA. And even that is rather limited because you are
> still relying on a student¹s username/password not being compromised.

Quite agree with Brad; Clean Access does two things for Oberlin College:
1) it links users with MAC and IP addresses for our reference, and
2) it helps identify systems with deficiencies and provides notice and
remediation links so the user can fix the problem without dragging their
system down to our help desk. Everyone benefits.

On a perfect network with perfect users, we wouldn't need such tools. Anybody
out there have such a thing? Probably not a subscriber to this list...

By his combative tone of voice, Joe Feise risks being labeled a troll. Judging
from his contributions to discussions elsewhere, I'm sure this is not his intent.

I'm with Jeff, can we return this discussion to the nuts and bolts of making
this tool work for us and our users, rather than the philosophical digressions
that may find a better home elsewhere? This "security flaw" troubles me
little. Microsoft provides much more interesting examples.

I'm charged with implementation, not policy.

-- 
-- Cal Frye, Network Administrator, Oberlin College
    www.ouuf.org,  www.calfrye.com,  www.pitalabs.com


"Force, without wisdom, falls of its own weight." -- Horace.