What do the different zones mean?
- The Registration Zone is mainly used for the initial registration of the computer. This is also where the first test with the Client Security Agent (CSA) occurs.
- The Production Zone provides complete network access to all users in this zone. All machines in this zone will be required to regularly scan for viruses and spyware.
- The Quarantine Zone severely limits network availability. Users in this zone can access http://resnet.cmich.edu, http://www.it.cmich.edu, and Windows Update pages only.
- The Limited Access Zone offers limited network access for a short period of time. During this period, the machine is given full web browsing access only. All other programs that access the Internet (i.e. AIM, WSFTP) will be restricted. The main use for this zone is to provide enough network access to properly secure the computer before gaining access to the Production Zone.
- The Dead End Zone is for machines that have been manually disconnected from the network by an Administrator. The most common reason for a computer to be placed in this zone is in the case of a network policy violation. Computers located in the Dead End Zone will not have network availability.
How does one move between zones?
Unregistered machines begin in the Registration Zone. In this zone, users will have the ability to register their computer and run the Client Security Agent (CSA).
The CSA is responsible for ensuring a computer is secured before allowing access to the Production Zone. If the computer passes the CSA, it will be moved to the Production Zone and will have complete network access. If the computer fails the CSA, it will be moved to the Quarantine Zone.
The user is responsible for remedying all problems determined by the CSA. Users who need assistance with securing their computers can contact the Help Desk to setup an appointment with a ResNet technician. Users can select to be moved from the Quarantine Zone to the Limited Zone for a short period of time.
The Limited Zone offers enough limited access to assist the user in manually securing the computer. When the user is confident the computer is secure, the CSA must be run again. Once the user passes the CSA, the computer will be given full network access. Users exceeding their time in the Limited Zone will be automatically moved back to the Quarantined Zone and forced to re-run the CSA.
Once on the Production Zone, users will be regularly forced to re-run the CSA before continuing the use of full network access to assist in keeping the network secure from machines vulnerable to viruses. Furthermore, every computer is continually being monitored for viral traffic while in the Production Zone. If viral traffic is found, the computer is moved to the Quarantined Zone.
The Dead End Zone is for machines that have been manually disconnected from the network by an Administrator. The most common reason for a computer to be placed in this zone is in the case of a network policy violation.
Why do I have multiple MAC addresses listed?
All devices that utilize the network must first be registered with a Global ID. Along with computers, this also includes any gaming consoles you want to play online such as Xboxes or PlayStations, as well as other devices that use network connectivity, such as iPods or iPhones. The Network Registration Status page will list all registered devices under your Global ID.
You may find that you have more than one MAC address listed, even if you do not use any network devices other than your computer. This is because your computer actually has two different MAC addresses-one for wireless, and another for wired.
What is the Client Security Agent verifying?
Before any machine is given access to the Production Zone, the user must first pass the Client Security Agent (CSA). The CSA is designed to ensure that all computers are properly protected from security threats, such as viruses. The CSA is currently configured to verify the following items:
- The Operating System has the most recent Service Pack and major vulnerability patches installed.
- The computer has an anti-virus program installed that is listed as an acceptable anti-virus solution by the CSA.
- The anti-virus program is up-to-date with recent virus definition files.
Why did the Client Security Agent fail the anti-virus test?
The Client Security Agent (CSA) verifies that each computer has one of the following anti-virus programs installed on your computer:
- Microsoft Security Essentials
The CSA requires your anti-virus program to have the latest version and engine. Information Technology does recommend free Anti Virus solutions. Anti Virus recommendations and installation instructions can be found at the Software Download Center.
IMPORTANT NOTE: Before installing an anti-virus solution, please make sure that no other anti-virus program exists on your computer.
Why did the Client Security Agent fail the virus definition files test?
As new viruses are discovered, additional virus definition files will become available for your specific anti-virus program. To limit the chances of a new virus infecting your computer, you must regularly download and install the latest virus definition files.
The Client Security Agent (CSA) will check to ensure that your anti-virus program has the latest virus definition files.
Why did the Client Security Agent fail the Windows test?
Many viruses exploit weaknesses found in the Windows operating system. Microsoft regularly releases new updates to patch these known flaws. To limit the chances of a virus infecting your computer, you must regularly install the latest Microsoft updates.
To pass the CSA, you must have the latest operating system service pack and major vulnerability patches installed. If the most recent service pack or major vulnerability patches are missing, you must visit http://www.windowsupdate.com (in Internet Explorer) to download and install the required updates.
Which anti-virus programs are permitted by the Client Security Agent?
Microsoft Security Essentials, and Avast, the University-recommended virus scanning software packages, are provided free of charge to all CMU members. Those who use Microsoft Security Essentials or Avast, versus other anti-virus solutions, have a higher level of compatibility with University systems and are more efficiently supported.
Below is the full list of supported anti-virus programs permitted by the Client Security Agent:
- Microsoft Security Essentials
How often will I need to run the Client Security Agent?
There are several variables that determine when a user will need to run the Client Security Agent (CSA). The first time a user will be instructed to run the CSA is during the initial computer registration process. In the event that a computer is moved to the Quarantined Zone, the user will need to continue running the CSA until the computer passes the security check and is moved back to the Production Zone. To ensure users are continuously updating computers with necessary service packs and anti-virus updates, each user will periodically be instructed to re-run the CSA before continuing with full network access in the Production Zone.
How long can I be in the Limited Access Zone?
The current time is 14 days, although this could change in the future. Once you select the Limited Access Zone, you will be able to view the exact day and time your limited access to the network expires.
What occurs when my time expires in the Limited Access Zone?
Once the time expires, the computer in question will be moved back to the Quarantined Zone. The user has no choice but to run the Client Security Agent (CSA). In the event that the CSA fails, the user can elect to be moved back to the Limited Access Zone.
Why has my computer been quarantined?
Common reasons for a computer to be quarantined:
- The computer failed the Client Security Agent (CSA) scan and the user has not yet elected to access the Limited Zone.
- The computer is forced to re-run the CSA to continue full production access.
- The computer is infected with a virus.
- The time within the Limited Access Zone expired.
How do I re-run the Client Security Agent?
Note: The following instructions only apply if you have failed part of the Client Security Agent (CSA) software check and are in the Limited Access or Quarantine zone. Once you have updated your computer to meet the network security requirements, it will be necessary to re-run the CSA to gain full access to the production network.
- Open a web browser (e.g. Internet Explorer, Firefox)
- Navigate to http://www.helpdesk.oit.cmich.edu/resnet
Note: By default, you should be automatically re-directed to this page once your web browser is open.
- Login using your Global ID and email password.
- Click on the " Click to rerun the Client Security Agent" link.
- When prompted, select " Run" and allow the CSA to scan your computer.
Once you successfully pass the CSA, it may take your computer up to 20 minutes to switch over to the production network.
Still having problems?
For additional assistance, please contact the Help Desk at 989.774.3662