Student evades Cisco NAC; gets suspended

[IKnowNot]

Just curious as to others reactions to this.

Student evades Cisco NAC; gets suspended


That article referenced the school newspaper article

Student suspended for bypassing network security


Beside the obvious, one thing that disturbed me was from

University goes to extremes in dealing with Cisco Clean Access

... users of Mac, Linux, or any operating system other than Windows do not have Cisco Clean Access installed. This means that anyone using an Apple computer is in exactly the same position on the network as Michael Maass was when he bypassed Clean Access, and yet he has been suspended, while their actions are obviously permitted by the University.

I am not advocating the student's behavior, but I believe, from what I can find out about the incident, that there are areas of concern handing out that type of punishment under these circumstances.

Any thoughts?

[nihil]

"by accident" or "by design".............................go figure?

[Aardpsymon]

Ok, this product is a new one on me. But reading these I gather its a PC health check to make sure that machines added to the network aren't compromised and going to bring the server down.

So, from that I can figure that perhaps operating systems other than windows are less of a risk. Macs generally don't carry windows viruses, although there are a few that work on both I recall (ipod virus for one). Point being, a mac that "doesn't need" security on it is entirely different to a guy with a windows machine bypassing the security.

Remember the two parts of risk assessment: Hazard and Risk.
Nukes are extremely hazardous, but the actual risk is minimal (assuming you don't have a maniac in charge of the button)
Paperclips are generally NOT hazardous, but the risk is huge since paperclips are in offices everywhere.

[phishphreek]

How is *that* an exploit? I've been on websites that didn't allow me access because I used firefox. I changed the user agent to appear as if I were using IE via a firefox extention. How is this any different?

[nihil]

I am familiar with that type of software. It is very good for what it does, which is to test that you have the latest patches and software in place.

The major problem with that is that it will not detect a machine that has been compromised prior to updates and patches being applied.

It also requires a locked down and clearly defined environment, as it cannot detect "dodgy" software otherwise.

It is immediately apparent to me that this is a totally useless application in the environment described, and the retard who implemented it should be fired accordingly. Hell's teeth, what good is a security measure that works threequarters of the time?

As for the punk............he got what he deserved.

1. He was not satisfied with his little "work around" (which is trivial if you look at what the software actually does).......oh no! he had to run off at the mouth about it................ or he would not have been found out?

2. He "grassed" on others:

Additionally, he gave the program to several friends and one professor. As a result, they suffered judicial consequences including having their account frozen, residence hall probation, writing a 3-4 page reflection paper and having their computers inspected by IS to get network access back, according to Maass.

That kind of garbage does not belong in any branch of the services.........I hope the USAF withdraw his scholarship, as you do not need one to dig latrines, throw trash or flip burgers.

I think he has just had his first lesson in the university of life.............let's hope he paid attention in class.

EDIT: Phish~ that is not the same..............the site was not trying to block you, it was just checking for a browser that it knew would work.

[phishphreek]

nihil: I see now. I didn't read all the links posted above. I only read two of them. The first and the third... I didn't realize that he wrote a program to bypass the NAC and distributed it. I thought he just changed some values in his config file to return null which was in place to allow handheld devices. I'll make sure I read them all next time.