NAC gear lightens IT load at community college

Cleaning up student PCs was literally the only work the IT staff at Northwest Mississippi Community College could get done for the first two weeks of every school year -- until this past fall when the college installed NAC gear that automates the process.

Now, with that time freed-up for six fulltime IT staffers plus student staff, Mirage Networks NAC equipment has just about paid for itself in one semester, says Chuck Adams, the network administrator at the school’s Senatobia, Miss., main campus.

“We wanted to get out of the touching-student-PCs business,” Adams says. “We're not 100% there, but we're almost there now. We will be by next fall.”

The labor-intensive process of inspecting 1,000 student PCs for malware, cleaning them up, patching their operating systems and installing McAfee anti-virus software is gone.

Instead, when students try to login, their computers are automatically scanned for compliance with the college’s PC health standard. If the machines flunk, their owners automatically receive instructions on what to do to bring them up to par. Once they are cleaned up, the machines get network access.

The problem arose in 2003 when the Blaster worm wrought havoc on the school’s student network for three weeks, the result of infected student computers. Since then the school has tried to manage student PCs by patching Windows operating systems and updating anti-virus software to help protect the network from similar outbreaks.

Until last fall, this was done by hand. “We would have hundreds of machines that would show up riddled with viruses and spyware. So each machine would take a couple of hours to get fixed,” says Mike Lamar, the network technician for the college. That meant students might have to wait two weeks before getting Internet access, and they complained loudly to school administrators, who made fixing the problem a priority.

"It was so important to our student-affairs department that they paid for the [Mirage] device,” Adams says. “It didn't come out of our budget at all."

So far the students like it. “They perceive it as such a better thing. They know right away if they're going to get on the network or if they're going to have to go have their computer worked on somewhere,” Adams says.

The school owns two Mirage devices, one to scan computers and one that blocks or allows traffic from end machines, he says. They are both located on the school’s main campus, which is the only one that has residential students. The students are served by their own, untrusted subnet.

Adams and his team also considered NAC gear from Bradford Networks and Sygate. Bradford was dropped from consideration because it couldn’t supply a test machine. Sygate required setting up a quarantine VLAN where unhealthy machines could be sidelined until they were brought into compliance. Adams thought that was too much meddling with the network architecture. Mirage grants access only to its system until the computer passes the scan.

The school would have considered a NAC option from its switch vendor, Extreme, but it had none at the time the college was looking last spring. Since then Extreme has teamed up with StillSecure to OEM its NAC gear.