Created on 13.10.2006
Fleet, Hampshire, UK - 26th September 2006
Khipu Networks, an advanced systems integrator, announce that the ‘Bradford Campus Manager’ Network Access Control and Identity Management System is being used in a number of FE Colleges and Schools, as well as Universities, to secure and manage their Wireless and Wired Networks.
There are many drivers for a centralised system to manage and control Network Access, these include:
- With the growth of Wireless Networks, the need to ensure that all devices / users are authorised and free from vulnerabilities such as Viruses, Spyware etc before being granted Network Access to key resources.
- The need for an automatic, central and easy method to identify and authenticate different types of users and their devices.
- The need to manage and control ‘who has access to what’. Therefore, by identifying the type of user e.g. student, staff or guest, the organisation can ensure they are only allowed access to the resources relevant to them.
- The need to enforce Acceptable Use Policies to the students, staff and other types of users.
- The need to log and audit all network devices and activity i.e. User, IP address, MAC Address, location, time on network, type of device, health of device etc.
- The need to keep Networks clean from vulnerabilities.
These are a sample of the drivers that the Bradford Campus Manager Solution has addressed with our customers. One of our recent project implementations was for the College of St Mark and St John “MARJON”, to manage and control the laptops and PC’s brought in from the new and returning students who require network access.
“With our new student laptop scheme, we needed to ensure that our network would be protected from these devices, since we are not managing or maintaining them. The investment into the Campus Manager System, will allow us to control and manage the student devices to ensure they are not ridden with problems before accessing our clean network” David Riggs, Head of IT.
The solution enables IT departments with Education Institutions to IDENTIFY, CONTROL and REMEDIATE unknown users and their devices, which access their networks. From a single management interface it will:
- Enforce Security Policies during network login
Before network access is granted, the system can enforce the user to login and authenticate to the organisations systems (i.e. LDAP / RADIUS). If successful, the system can then scan and check the device for;
- Correct (or allowed), updated and running Anti-Virus Software Application(s)
- Correct (or allowed), updated and running Anti-Spyware Software Application(s)
- Microsoft Service Packs and Critical Updates (kbxxxx releases)
- Allowed Applications
- Prohibited Applications
- Vulnerabilities to Viruses, Backdoors, Denial of Service, File sharing can also be determined by an embedded scanner or from integration with 3rd party devices such as IPS/IDS systems, Firewalls, Traffic Anomaly Detectors, PacketShapers etc.
Custom scans can easily be added, searching for specific files, processes, registry keys. For instance there may be a requirement to check the level of Java on devices to ensure they are compatible with the “virtual learning environment VLE”, devices that fail can be provided with detailed information on how to correct any issues. The solution is fully customisable and can be branded to fit the Institution’s ‘look and feel’ Intranet, Website etc and can provide as much information to the users as required.
The scan can be ‘client-less’ therefore no software or agents need to be installed on the device in order for the scan to take place. The scan is also completely tailorable, in that the Institution can chose what to check for in their policies, therefore it can be tailored to meet the requirements of different user groups (e.g. staff, students, Janet Roaming Service users, 3rd party Contractors, guests etc). The system provides the granularity to control on a per port, per access point, per user or per group basis.
There is also a persistent agent supplied, that can be installed onto Institution owned devices which provides additional functionality.
Enforce Automatic Remediation
If a client is not compliant with the Institutions Security Policy and fails the scan for example, as a result of an out of date AV application, it is automatically routed to a secure and isolated area within the network (i.e. quarantine VLAN) and is forced to remediate 'self heal' i.e. download AV software or updates, in accordance with the Institutions Acceptable Use Policy. The device is then re-scanned and if compliant is allowed onto the network or to a particular VLAN based on who they are.
The Campus Manager Solution will significantly improve and enhance Network Security and Management in the following ways.
Improve Network Security
- Ensure the user is authorised before granting network access.
- Identify unauthorised 'rogue' clients and take appropriate action.
- Control, disable and restrict end-user access.
- Record all activity of the user and the status of their client device.
- Identity Management, logging in real-time and historically information about the devices, such as User's Name, IP Address, MAC/Physical Address, location (Switch Port or Access Point), Time logged on / off - OS version, AV and AS applications on device, Health of device.
Improve Network Control and Management
- Port based registration and LDAP integration
- Locate network users and problems associated
- Control student gaming, file sharing and chatting
- Enable and disable switch ports regardless of manufacturer
- Preferred VLAN switching and Dynamic VLAN assignment
- Control of wireless access as well as wired connections
- DHCP Server Management
Campus Manager provides a wide range of benefits and has made a vast improvement on how Universities, Colleges and Schools provide services to the users connecting to their networks. From the customer installations to date, the following benefits have been provided by the system:
- Enabling Institutions to have full control over the end-user, ensuring a safe and secure network experience for all, through the enforcement of network usage policies.
- Clientless security scanning for “unmanaged” machines
- Enforce a campus wide or segregated network usage policy for campus and halls of residence networks.
- An ‘Out of band’, not in-line solution therefore no single point of failure and is not bandwidth limiting.
- Single point for network management and control across wired and wireless.
- Improve network reliability and management
- Automated Registration of student Device (Laptop, desktop etc)
- Students on-line with no or minimum intervention from IT Support
- Massive Reduction in Network Access delays at Start of Term
- IT Support know:
The User
Their Device (including OS, AV etc)
Their Location
Their state - Improved Customer Experience
Massive Reduction in Viruses, Spyware
Improved Laptop/ PC ‘house keeping’ – up to date AV, AS, MS SP2 etc - Happy Users – Faster and Cleaner Network
- Leverages existing network investment and protects for future investment
In summary, from the customer feedback to date, the solution has provided a wide range of benefits from both a user support and network availability perspective. For more information on Campus Manager or a customer reference, please contact KHIPU Networks on 01252 773184 or register your interest.
About the College of St Mark and St John
The College of St Mark & St John is a Church of England voluntary college with a history of over 150 years. Its constituent colleges, St John's, Battersea and St Mark's, Chelsea, date back to the 1840s. The College of St Mark & St John moved from London to Plymouth in 1973. Since 1991, the College has been affiliated to the University of Exeter, which accredits it to run undergraduate and postgraduate programmes leading to degree awards of the University. Today the College has an academic community of approximately 5000 people. Its educational activities have continued to evolve in response to local, regional, national and international needs. Proud of its historical roots, the College continues to develop its educational courses to reflect the needs of the twenty-first century. Situated a short distance from Plymouth, the College attracts students from all over the UK and overseas. The College has much to offer, both academically and socially.
About Bradford Networks
www.bradfordnetworks.com
Bradford Networks (Concord, New Hampshire, USA) are an industry leader in developing innovative enterprise network policy enforcement solutions. They allow their customers to leverage their current investment in their multi-vendor network infrastructure and deliver significant features and benefits in the areas of policy, monitoring and control for enterprise networks. Through the enforcement of network usage policies, their solution’s helps ensure a customer’s network is safe and secure. The products solve real world network issues, such as: limiting unwanted users, enforcing version control, setting policies, controlling network access, overall client management and device management
About Khipu Networks
Khipu Networks are a UK based advanced systems integrator, focussing on supplying innovative secure compliant infrastructure solutions across the public and private sector. The company is a leading adopter of new and best in breed technology, expert technical staff ensure that customers get the solutions they need, when they want them and how they need them. The ethos is to ensure that the customer has the edge on the security and compliance of their network and not the attacker. Hampshire based Khipu Networks Ltd are the security division of the White Clarke Group of companies. Khipu Networks are the exclusive reseller of Bradford Campus Manager in the UK and Ireland.
