01/20/09

Permalink 09:06:04 am, Categories: Miscellaneous

He speaks the oath as I write this.
What a great moment!


11/25/08

Permalink 11:59:08 am, Categories: Resnet

Recently, I have learned that CCA apparently can not detect certain configurations of the Windows Internet Connection Sharing system.
If the Internet Connection Sharing is working in NAT mode, only IP address translation is done, and multiple network card identification numbers, called MAC addresses, are visible to the outside world. That is detectable by CCA.
However, if the Internet Connection Sharing is working in Bridge mode, each shared machine gets its own IP address, and CCA can't detect that.
The CCA client agent, which is installed on the client Windows machine (no client agent for Linux...) can detect the presence of an Connection Sharing registry entry, but apparently, that registry entry exists even if connection sharing is switched off. That nicely demonstrates the futility of this whole idea of having a program run on the client computers, testing these things. Cisco always has to reverse-engineer all programs that they want to check for, and such reverse-engineering, aside from possibly being illegal under the DMCA, is highly ineffectual. All it does is provide for job security for Cisco engineers (granted, that counts for something in today's economy ;D)


11/06/08

Permalink 12:34:41 pm, Categories: Resnet

People continue to be concerned about the privacy implications of an invasive system like CCA.
That's why there continue to be a number of programs out there to bypass the CCA installation.
Here is another one I have come across, which claims to be working with all CCA versions. Of course, as always, use at your own risk and don't blame me or the author of that program if your computer locks up or if you get into trouble with your network administrators.
Competent network administrators would provide an opt-out or would only mandate use of the CCA client after a virus/bot incident. If your school has such network administrators, consider yourself lucky. The UCI Resnet administrators, unfortunately, dismissed such suggestions.


10/19/08

Permalink 05:21:10 pm, Categories: Resnet

Resnet has a newer version of CCA installed, so my Perl script to automatically log in didn't work anymore.
A kind soul has adapted the script to work with the latest installation and sent it to me. So, here is the update.


04/15/08

Permalink 07:36:37 am, Categories: Resnet

Unfortunately not at UCI...

From a post to a mailing list that discusses CCA administration (the official name of CCA is Cisco NAC), in answer to another post (partly quoted on top):

"When we get support issues with any AV product, we typically say 'uninstall what you have, and put Symantec on.'"

This is becoming an increasingly unrealistic option for us. It was certainly fine in an era when few computers showed up with AV tools installed. But good work at increasing awareness of the importance of AV software means more students are arriving with pre-purchased (and pre-subscribed) software, and telling students the $100 they spent on a year's subscription isn't going to be used leads to frustration.

It is nice to see some network admins actually doing what they are supposed to do, serving the community, not being an adversary of the community...
Being a BOFH may be good for the ego, but ultimately, a non-adversarial situation is better for everybody, as I hope UCI Resnet personnel understands by now. When they found out the hard way that the community doesn't accept their "we know best" attitude, they panicked...


:: Next >>

March 2010
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

This blog tries to capture all the gripes about UCI Resident Networking (Resnet) and the switch to UCI-managed Cable TV in on-campus housing.
This site is not affiliated with UCI or UCI Housing.

Search

XML Feeds

powered by b2evolution