LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

February 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS February 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Clean Access Wishlist
From:	Mike Diggins <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Mon, 9 Feb 2009 18:57:05 -0500
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (65 lines)

I Agree as well, or ensure the cisco checks agree with Microsoft Update, 
right or wrong. It's the number one headache with this product.

-Mike


On Mon, 9 Feb 2009, Ben Fielden wrote:

> I second the details button.
>
> Ben Fielden
> ISS Student Technology Services
> The George Washington University
>
>
>
> Michael Simpson wrote:
>> My addition to the wish list:
>>  Have a "Details" button on the agent that shows users exactly what scan 
>> they failed, KB# and all.  This would allow our more technically inclined 
>> users to solve some of their own issues without coming to the help desk. 
>> It would also be handy for support staff to see on the machine instead of 
>> always consulting with the CA manager.
>>  Michael
>> 
>> >>> "Jeremy Wood" <[log in to unmask]> 2/9/2009 2:28 PM >>>
>> I've always wondered what people would like to see out of this product
>> so I thought I would throw these ideas out there and see if anyone
>> else thought they would be useful or if there were maybe some other
>> big improvements people want to see.
>> 
>> 1) Log of packets denied due to role traffic settings
>> 
>> 2) Sending of logging information from HA-IP
>> 
>> 3) Have CAM be able to check posture of clients without moving them to
>> UnAuth Role. I hear Bradford does this and I can see how it could make
>> the NAC experience much smoother and provide a possibly more secure
>> network if you are able to check client more often without
>> interrupting their session to do it. It does defeat the seemingly
>> 'pure' OOB approach CCA has though.
>> 
>> 4) Have the agent run as a service and/or run before the windows logon
>> portion of boot up. So basically the agent could load, verify the
>> posture of the computer (although some checks might not work, basic
>> ones would) and then pass the logon credentials through to the windows
>> GINA and so a SSO that way. This would allow for things like logon
>> scripts/offline files/GPO to be applied without anything special going
>> on. At the same time though you present the issue of how to update a
>> client this way if it is out of compliance? I'd bet that most AV
>> updater's wouldn't work if they are called like this.
>> 
>> Anyway, just my list. Thoughts or Additions?
>> 
>> --Jeremy
>


             _________________________________________

Mike Diggins       			Voice:  905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks    FAX:    905.522.0511
University Technology Services 		E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU