Cisco Cisco NAC Appliance 4.10 Guia De Informação
Customer Case Study
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 4
EXECUTIVE SUMMARY
Trinity University
●
Education
●
San Antonio, Texas, United States
CHALLENGE
●
Reduce malware and virus infections
●
Enforce security policies for wireless users
●
Strengthen security without impeding
academic freedom
SOLUTION
●
Deployed Cisco Network Admission Control
(NAC) to identify and remediate machines with
malware and vulnerabilities before they are
admitted to the network
malware and vulnerabilities before they are
admitted to the network
RESULTS
●
Reduced malware infections
●
Eliminated malware-related network
performance issues
●
Improved stability and reliability of computing
environment
One of Nation’s Most “Unwired” Campuses Blocks Malware for
Wireless Users
Wireless Users
Trinity University uses Cisco Network Admission Control to deny network access to devices with malware
and viruses.
Challenge
Trinity University is one of the top private undergraduate institutions in
the United States, ranking first among western U.S. universities by
U.S. News & World Report for 15 consecutive years. Founded in 1869,
the university today offers 37 majors on its 117-acre campus in San
Antonio, Texas.
As with any large computing environment, protecting users and the
Trinity University network from viruses and malware is a constant
challenge. Unlike a private enterprise, however, the university’s IT staff
must try to secure an environment in which thousands of new users
appear each year, bring their own laptops from home, and require
unfettered access to the Internet.
“We have 2000 students arriving each year with their own personal
computers, and we don’t have a lot of control over them,” says
Douglas Cooper, systems administrator for Trinity University. “That
opens us up to a variety of risks, including viruses, malware, spyware,
and student machines being compromised.”
As a result, university IT staff historically spent significant time and resources dealing with those issues.
“We were constantly running around cleaning machines and trying to isolate infected computers,” recalls Cooper.
“We could spend more than eight hours a week dealing with malware. It was slowing down the network significantly,
which had a major effect on students and faculty.”
To address the problem, the university deployed a NAC solution in 2005 aimed at helping ensure that all users
complied with security policies, such as having up-to-date antivirus and operating system software. But the system
was not a complete solution. First, there was no way to configure it to separate internal users, such as students and
staff, from guest users. This was a big problem, especially during the summer, when the university hosted
conferences with thousands of attendees. Providing Internet access meant exposing the university network to these
users. The solution was also extremely inflexible.
“We had no internal control over the software, so if we wanted to create custom checks for specific policies, we had
to ask the vendor to add that, and wait for them to provide it,” says Cooper. “If we needed to make an urgent change,
there was no way to do it.”
The biggest problem with the previous NAC system, however, was that it did not support the wireless environment.
Trinity was named one of the 10 “most unwired college campuses” in the United States by Intel Corp and supports
as many as 900 wireless users at a time, with the figure growing each year. The lack of admission control for
wireless users was a major hole in the university’s network defenses.