Avenda Adds Non-802.1x Agents to NAC Appliance Software

Avenda Systems will shortly be rolling out enhancements to eTIPS, its network access control appliance. Expected in early November 2010, the updates include OnGuard, a set of network access agents, and enhanced features in the company's guest management application.

Deployed in conjunction with eTIPS version 3.5, also due in November, the OnGuard agents provide identity and health checks for environments that are incompatible with 802.1x, such as older versions of Mac OS X, Linux, or Windows operating systems. This will allow campus IT administrators to manage those devices alongside 802.1x devices in controlling access to peer-to-peer applications and services through their networks to help ensure the health of devices getting onto the network and to send network notifications to users. For example, if a user is caught violating media copyrights or is running a device with out-of-date anti-virus, anti-spyware, or firewall settings, IT can deny network access to that device and send a message that appears on the screen at set intervals warning that person to take corrective actions to bring the machine up to standard.

"The enforcement of peer to peer policies always comes up when we talk to higher ed prospects," noted Trent Fierro, director of marketing. "Now you can go in and create a policy: 'I will allow this and I won't allow that,' even being specific about what types of peer to peer apps kids can use."

If a user is doing something not allowed by the school, IT can bounce the person off the network and send a message that pops up on the user's screen, with information about how to regain network access.

Currently, in order for non-802.1x devices to be authenticated, the user is forced to use a Web portal for login. "A lot of people don't like to do that," Fierro pointed out. Users tend to assume that once they've logged onto their computer, they'll have access to the network, he said. "But we were forcing customers to do an additional login, like you're logging into a hotel or an airport network." There's big pushback from people who don't want to do that, he added.

Under the new scheme that uses the persistent agent technology, the IT person can capture information about the user, the services they're running, the types of applications they're using, and the health aspects of the machine. "What this means is that I can do a mix of 802.1x and non-802.1x and get the same kind of information. That opens it up. You're maintaining the same kind of policies now for both types of environments, which you couldn't do before," Fierro said.

OnGuard also addresses the challenge of performing health checks on devices connecting to the campus network through a virtual private network. This will replace the need for Avenda Edge in environments running eTIPS version 3.5.

Currently, the company is working with customer Northwestern University in Evanston, IL to test out the feature. "It was a big request from them," Fierro said. "They have 30,000 users, and it was too much for them to manage."

One unnamed campus customer requested the ability to use the agents strictly for health assessments. For that reason, the agents can handle both identity and health checks or just health checks alone. "They want to check against their Active Directory for the identity of the person, but they want to use eTIPS for the health component," Fierro said. "They're not going to modify their approach to policies. They're going to use eTIPS to go back and say, is this user running anti-virus? What level? When was it last run?"

"Avenda's new OnGuard agents provide a seamless way to monitor user and device information while taking advantage of legacy security mechanisms," said John Call, systems and network analyst at Brigham Young University-Hawaii. "I can see how the additional visibility and safeguards would benefit education and enterprise organizations alike--for not only security, but also for network troubleshooting and compliance mandates as well."

Avenda has also said it would add Web-based authentication features to eTIPS 3.5 for environments running Meru Networks wireless controllers and Cisco Ethernet switches.

The company has bolstered GuestConnect to provide for tiered approval flow in eTIPS' guest registration application. This feature will let the IT administrator designate various levels of permission for set-up of guest user access based on user role. The application also includes a function for users to add their own endpoint MAC addresses to the system, which will allow approved devices to be tracked and managed by IT without IT intervention.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  •  laptop on a clean desk with digital padlock icon on the screen

    Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and business workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • flowing lines and geometric shapes representing data flow and analysis

    Complete College America Launches Center to Boost Data-Driven Student Success Strategies

    National nonprofit Complete College America (CCA) recently launched the Center for Leadership, Institutional Metrics, and Best Practices (CLIMB), with the goal of helping higher education institutions use data-driven strategies to improve student outcomes.

  • cybersecurity analyst in a modern operations center monitors multiple digital screens showing padlock icons, graphs, and a global map with security markers

    Louisiana State University Doubles Down on Larger Student-Run SOC

    In an effort to provide students with increased access to real-world cybersecurity experience, Louisiana State University has expanded its relationship with cybersecurity solutions provider TekStream to launch TigerSOC, a new student-run security operations center.

  •  floating digital interface with glowing icons, surrounded by faint geometric shapes

    Digital Education Council Defines 5 Dimensions of AI Literacy

    A recent report from the Digital Education Council, a global community devoted to "revolutionizing the world of education and work through technology and collaboration," provides an AI literacy framework to help higher education institutions equip their constituents with foundational AI competencies.