User Tools

Site Tools


biac:nac

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
biac:nac [2021/06/30 21:22]
cmp12
biac:nac [2022/11/18 16:08] (current)
Line 3: Line 3:
 Duke has rolled out specific security requirements for access to the DHE networks.  If you use VPN on a personal machine and need to connect to DHE servers ( ie: munin, cluster, etc ) then you are expected to meet specific requirements. Duke has rolled out specific security requirements for access to the DHE networks.  If you use VPN on a personal machine and need to connect to DHE servers ( ie: munin, cluster, etc ) then you are expected to meet specific requirements.
  
-1) Device registered with NAC : [[https://dukereg.duke.edu/|NAC Registration]] +1) Device registered with NAC : [[https://dukereg.duke.edu/|NAC Registration]]\\ 
-2) Have the NAC agent installed on your local computer +2) Have the NAC agent installed on your local computer\\ 
-3) Have an approved anti-virus software +3) Have an approved anti-virus software ( crowdstrike is preferred ) \\ 
-4) Have an approved operating system version  +4) Have an approved operating system version\\  
  
 You can read more about NAC here : [[https://nac.dhts.duke.edu/network-access-control-nac]] You can read more about NAC here : [[https://nac.dhts.duke.edu/network-access-control-nac]]
  
  
 +====== Steps to get registered ======
  
-====== Windows ====== 
  
-1) Download and install the FortiNAC Agent [[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/Windows/|FortiNAC.exe]]+1) Download and install the FortiNAC Agent 
 +^ Windows ^ OSX ^ Linux ^ 
 +|[[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/Windows/|FortiNAC.exe]]|[[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/OSX/FortiNAC%20Persistent%20Agent.dmg|FortiNAC.dmg]]| [[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/Linux/ | RHEL of Debian ]]|
  
-2) Register your device at [[https://dukereg.duke.edu/|NAC Registration]]+2) Find your WiFi Mac Address 
 + - Mac System Preferences -> Network -> Wi-Fi -> Advanced Button -> Hardware Tab 
 + - Windows Control Panel > Network and Internet > Network and Sharing Center -> Network Connection -> Click Details -> Physical Address 
  
-3) Install an approved anti-virus software ( Crowdstrike ( preferred ), Avast, BitDefender, Microsoft Windows Defender ) : [[https://shadow.biac.duke.edu/Network_Requirements/Crowdstrike/Windows/|Crowdstrike]]+3) Register your device at : [[https://dukereg.duke.edu/|NAC Registration]]
  
-4) Approved Windows versions+4) Install an approved anti-virus software
- Windows 7 +^ Microsoft Windows ^ Mac OSX ^ 
- Windows 8 +|[[https://www.avast.com/en-us/free-antivirus-download|Avast]]|[[https://www.avast.com/en-us/free-mac-security|Avast]]| 
- - Windows 10+|Microsoft Windows Defender, built in Windows 10|[[https://www.bitdefender.com|Bitdefender]]| 
 +|[[https://www.avg.com/en-us/free-antivirus-download|AVG-2019 free]]|
  
-====== Mac OSX ====== 
  
-1Download and install the FortiNAC Agent [[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/OSX/FortiNAC%20Persistent%20Agent.dmg|FortiNAC.dmg]]+5Approved Operating System versions:
  
-2) Register your device at : [[https://dukereg.duke.edu/|NAC Registration]]+^ Microsoft Windows     ^ Mac OSX ^ 
 +| Windows 7    | 10.15-Catalina| 
 +| Windows 8    | 11.0-Big Sur| 
 +| Windows 10   | 12.0-Monterey|
  
-3) Install an approved anti-virus software ( Crowdstrike ( preferred ), Avast, BitDefender : [[https://shadow.biac.duke.edu/Network_Requirements/Crowdstrike/OSX/|Crowdstrike]] 
  
-4) Mac OS has to be one of the following: +==== Verify ====
- - 10.11-El Capitan +
- - 10.12-Sierra +
- - 10.13-High Sierra  +
- - 10.14-Mojave +
- - 10.15-Catalina +
- - 11.0-Big Sur+
  
-====== Linux ======+Connect to VPN, then open a browser and go to a Duke Site to verify.\\
  
 +Note that sometimes it takes a few seconds between launching the VPN and NAC verification, so if you try to immediately connect to a DHE server you may still be in a remediation network zone.  Give it a few more seconds, or potentially reconnect to VPN if needed.
 +
 +
 +
 +====== NAC on the DH1 wireless network ======
 +
 +While on campus all NAC requirements above must be met to join the secured DH1 wireless network, which replaces clubs:\\
 + * [[https://nac.dhts.duke.edu/nac-dh1-wireless| NAC DH1 wireless]]\\
 + * please follow instructions for user-managed devices\\
  
biac/nac.1625088174.txt.gz · Last modified: 2021/06/30 21:22 by cmp12