Charge
The Network Access Control (NAC) team is charged with upgrading the campus network to enable reliable identification of devices and their owners, and with ensuring that access to computing devices and resources on the campus network receives increased scrutiny. The team is also charged with ensuring that devices on the network are secure and do not pose a threat to other connected devices.
Mandate Requirement
Ensure identification, management, and vulnerability assessment of all computing devices connected to university networks.
Methods of Achievement
Network Access Control
What's Happening
UC Merced is now ready to begin deploying our Network Access Control technology starting in June. When you connect to a wired network port, you will be prompted to enter a username and password exactly like you would when attempting to join one of our wireless networks. No changes are being made to the way you connect and authenticate to the wireless network at this time.
Network Classification Levels
Going forward, network access will be broken into three levels: Slate, Blue, & Gold.
• Slate - Internet
Slate level access is available to any and all members of the campus community including guests and visitors. This level provides you access to the internet, library catalogs, research catalogs, and library printers. You will receive Slate level access if you use a wired connection without a UCMNetID & Password or connect to wireless via UCM Guest.
• Blue - Affiliated
Blue level access is available when you connect to the UC Merced network via wired, wireless, or VPN. This level of access provides everything available on Slate as well as campus services that do not manage privileged or protected data (P3/P4). You will receive Blue level access if you use a wired connection with a UCMNetID & Password or connect to wireless via UCM CatNet or eduroam.
• Gold - Privileged
Gold level access is only available when you connect to the UC Merced VPN and authenticate using your UCMNetID & password, and only if your role permits access to systems with privileged data (P3/P4). This level of access provides everything available on Blue as well as campus services you are permitted to access that manage privileged or protected data.
Device Support
- Windows Devices - At this time, only managed Windows devices are able to authenticate to the wired networks. Any unmanaged Windows devices will not be prompted and will default to Slate level network access. As a workaround, if you need Blue level network access, please install and connect to our VPN.
- Apple Devices - All Apple Devices (managed & unmanaged) running the latest version of macOS will be able to authenticate to the wired network for Blue level network access.
If you suspect you may have devices that will be unable to authenticate using your UCMNetID and password, please open a request using the ProtectUs Exception Device Enrollment form and we will reach out to address your concerns.
Vulnerability Management Platform
What's Happening
As a part of Network Access Control, the network will now be monitoring for devices that connect with known vulnerabilities that could jeopardize the network itself or other devices connected to the network. This tool does not alter, modify, or otherwise change the condition of your device. If your device is found to have a vulnerability that needs to be addressed, it may be temporarily blocked from accessing the network and you will be contacted by OIT to assist with remediation.
Device Identification
What's Happening
As a part of Network Access Control, when you authenticate a device to the wired or wireless network, basic information about your device will be collected. This information includes:
- IP Address
- MAC Address
- Device Name
- Operating System
This is basic device information that will only be used to help locate a device owner in the event that their device has been compromised or has a known vulnerability.