Cisco ISE FAQs

What is Cisco ISE?
Cisco ISE, in conjunction with the Cisco AnyConnect client, is a system that can check certain security settings on any Microsoft Windows PC to make sure that the system is up to date with required security patches and report this status to a Cisco ISE server. No information about the user or the content of user files is sent to the server. Each user must use Cisco ISE for his/her Microsoft Windows PC in order to authenticate and use the network.

Why are we using it?
To protect the network we all share by attempting to reduce the effect of viruses and worms on our network and to safely provide student access to our network. Laptops are technically more susceptible to attacks since they have the ability to connect to a variety of networks via wireless. We do not want any viruses that could have been picked up at another wireless location brought to our campus.

How do I log in?
For login instructions, please visit our Cisco ISE Tech Tips page.

What if I need to update my computer to pass validation?
The Cisco AnyConnect client will automatically start running Windows security or antivirus definition updates for you. Once complete, you will be granted network access. For more information, see our guide on the Cisco ISE Tech Tips page.

Key Terms
Network Access Process: The process of authentication and validation of your computer required for network access.

Authentication: The process of verifying your access to the network by confirming your username and password and associating it with your computer.

Validation: The process of confirming that certain security measures are in place on your computer.

How does the Network Authentication and Validation system work?
The new computer security system performs the following functions:
  • Requires authentication to the network.
  • Validates whether the system connecting to the network meets the minimum security standards.
  • Quarantines the system until it meets the minimum security standards.
  • Provides access to the remediation sites.
  • Provides access to the Internet and to email.
  • Blocks access to printers and network file shares.
  • Once the system is validated as "clean," allows access to the rest of the network.

What Network Connections Require Validation?
We are requiring validation for all office connections used by notebook computer users. Additionally, all open ports in public access locations like computer labs will be switched over as well. In time, we expect to deploy Cisco ISE at every connection to the campus network. Additionally, connecting to the protected SOLANO-DOT1X wireless network requires ISE validation.

Why Are We Introducing this Solution Now?
There are dozens of medium or higher rated worms (Zotob, Blaster, Nachi, Netsky, Sobig) that infect computer systems. We feel that the best way to prevent this from happening on our campus network is to ensure that antivirus software and critical OS updates/patches are current and maintained.

A machine placed on the network now takes longer to patch than it does to be infected.

Our firewall is a reasonably effective means of protection from external threats. With the recent increase in the use of notebook computers, the bigger threat now comes from within our network itself.

How Long Do the Validation Checks Take?
Most of the checks using the Cisco AnyConnect client can take between 15 seconds and a few minutes.

What Remediation is Available?
Microsoft Windows Patch Failure. If the user's system fails the check for current critical OS patches, Windows Update will automatically run. Once complete, a reboot may be required to complete the process.

Virus definitions. If the user's system fails the check for current virus definitions, the user is prompted to "update". This process will then download and install the latest definitions and the user is allowed access to the campus network.

What Validation Checks are being performed?
The following are some examples of validation checks that can be performed:
  • Check for current Windows OS Patches for Windows machines.
  • Check for current antivirus definitions for Windows machines.