What is Bradford?
Bradford is the name of the company whose product, Network Sentry, is used to provide network access control and mobile device management services for Western Michigan University. It is used to identify all devices that connect to WMU's network. It can also be used to validate that connecting devices comply with network safety standards. All network access is authenticated by means of a valid Bronco NetID.
Why do we need network access control?
A network access system allows us to identify who and what is on our network. It keeps unwanted devices and unauthorized users out, which ensures that network assets are protected.
What else does network access control do?
It also allows us to provision and enforce custom security policies, create reports for regulatory compliance, and easily identify at-risk devices.
How does network access control work?
When a device attempts to connect to the network, network access control looks it up in the registration database. If the device has been previously registered, it is allowed to connect. If the device is unknown, it is redirected to the registration page. Once the device has been registered, it may also need to pass software security rules.
What are software security rules?
Software security rules verify that the operating system of the device attempting to register has the most recent service pack updates and patches installed. They also verify that an approved anti-virus program is installed and is up to date with recent virus definition files.
How long does a registration last?
Student device registration is good for one semester. After each semester ends, all students will be deregistered and must reregister at the beginning of the next semester.
Faculty and staff will need to reregister once a year.
Are there differences in how network access control works?
Yes. It may be deployed in either registration mode or active rule set mode. The College of Health and Human Services and WMU's residential network, ResNet, have been deployed in active rule set mode. Main campus is deployed in registration mode.
In active rule set mode, a device is registered and then scanned to verify that it is in compliance with the software security rules mentioned above. If it is not in compliance, it will be quarantined and will not be allowed to access the network until the problems are resolved.
In registration mode, the device is simply registered and allowed to access the network.
Why would a device fail software security rules?
- It doesn't have approved anti-virus software and/or up-to-date virus definition files. WMU provides Symantec Endpoint Protection free of charge for faculty and staff and recommends ClamXav for Macintosh and Microsoft Security Essentials for Windows for students (see virus protection).
- It does not have the most recent service patches and vulnerability updates installed for its operating system (see security patches and OS updates).
What happens when a device fails and is quarantined?
When a device is quarantined, the owner must fix the problems that were noted and rerun the scan until the device passes the security check. If any assistance is needed, the Help Desk may be reached at (269) 387-4357, option 1.
What if I am using multiple devices in my residence room and am connected through a hub?
Network access control cannot control a hub. If one device on the hub is deactivated, all other devices on the hub will be deactivated. A new device being connected to the hub will also deactivate all other devices until that device has passed the registration process.
Need more help?
Contact the Help Desk at (269) 387-4357, option 1.