Date: 27 May 2015
To: Kevin Hughes, Dean of Students at Christopher Newport University; Jimmy Buckingham, Director of IT Services at Christopher Newport University
From: Clare Crawford, Student at Christopher Newport University
Subject: Issues with ClearPass OnGuard
The purpose of this memo is to object to the use of ClearPass OnGuard as a requirement to access Christopher Newport University’s local intranet.
As a large, data collecting entity, Christopher Newport University relies heavily on its ability to transmit secure data safely. The executive decision to require a program called ClearPass OnGuard in order to access the CNU WiFi also forced students, or anyone trying to access the network, to also download any of the pre-approved anti-malware programs if they did not already have one. Data collected from a distributed survey suggests that OnGuard was extremely unpopular with the student body.
“Cyber Security: How Much is Too Much?”
Prepared by: Clare Crawford, Senior CNU Student
During the 2016 spring semester at Christopher Newport University, the IT department decided that in order to prevent malicious software, or malware, from infecting or inhibiting the CNU network infrastructure, all devices except mobile devices would need to be approved by ClearPass OnGuard. OnGuard as a program searches device data for malicious software, and will quarantine any device which does not meet the regulation standard for data security. In order for OnGuard to properly assess data security, it must be able to access the archives in another malware prevention program, such as Avast or AVG.
Keywords/Tags: CNU, Christopher Newport University, internet access, wifi, WiFi, Wi-Fi, ClearPass OnGuard, OnGuard,
At Christopher Newport University, most students have purchased laptops or desktops with some form of malware prevention program already installed, such as McAfee or Norton. OnGuard requires another malware prevention program to act as a “sniffer” and find any harmful data that could inhibit the usability of the CNU network. OnGuard itself does not actually provide any malware protection at all. It simply analyzes the data from the malware protection program. However, occasionally OnGuard and the supplementary malware protection program would clash with each other, forcing both programs to halt and return an error message. Please note that for the duration of this paper, the terms “antivirus” and “malware protection program” and its variants may be used interchangeably.
A survey, representative of a case study, sent to CNU students gauged individual reactions to OnGuard. According to John. W. Creswell, of the University of Nebraska, a case study is one of the five appropriate approaches to inquiry. Christopher Newport University is considered a bounded system. A bounded system is one that functions independently within its own environment. A case study was most appropriate for this bounded system because ClearPass OnGuard does not affect every collegiate entity equally. Due to the anonymity of the survey, it is unclear whether the respondents were only students, or a mix of both students and faculty and staff, which may be considered a confound in scope of the entire case study.
The survey provided to Christopher Newport Students consisted of eight questions where participants were given different multiple choice options in order to gather background information on each participant’s personal experience with OnGuard. The last question of the survey allowed each participant to contribute their own answer in the form of a personal comment or answer with another multiple choice option. The survey was distributed to CNU students through Google Forms, sent through linked CNU Gmail accounts, as well as posted on Facebook which allowed many users to access the survey through multiple platforms. Unfortunately, utilizing both Google Forms as well as Facebook means that some users who do not operate within CNU’s bounded system could have accessed the survey, creating another potential confound.
There were 106 responses to the survey, which constitutes a statistically significant sample, where appropriate inferences may be considered reflective of the rest of the Christopher Newport University population.
Well over 50% of people who installed OnGuard had difficulty with the process. As Fig. 1 depicts, over half of the population found difficulties when installing OnGuard. One student even stated that she was unable to install OnGuard at all because she was a Linux user. OnGuard does not distribute appropriate packages to accommodate other operating systems such as Linux; packages are only available for Mac OSX and Windows. The data suggests that OnGuard as a program is not reliable. If OnGuard cannot accommodate other operating systems, it cannot be expected to perform on a mass-distribution basis. This initial fault with OnGuard only helps to perpetuate its problems.
About 75% of students had some sort of antivirus program already installed prior to installing OnGuard. When the decision to make OnGuard a required program to access the CNU WiFi, students and faculty were advised to download any of the pre-approved antivirus programs, to help OnGuard perform its core function. Fig. 2 depicts the relative percentage of students who already had an antivirus program on their computer. Most commercially available laptops and desktops already have an antivirus program preinstalled, so it would be safe to assume that most students did not have to download an external program.
Over 80% of students installed OnGuard before the mandatory quarantine date. OnGuard is programmed to quarantine any computer that did not meet its data security standards. In order to avoid getting automatically quarantined, students must download OnGuard and have one of the approved antivirus programs prior to March 1, 2016. Students who download OnGuard after March 1, 2016 receive a two week grace period, after which their computer would be restricted from accessing the network.
About 80% of students found that they did have trouble accessing the CNU WiFi even though they met all necessary requirements. Even though OnGuard might not quarantine a computer, it may still create network connection issues. Several students expressed that even though they downloaded OnGuard, it still prevented them from getting online. In some worst-case scenarios, OnGuard prevented students from completing homework, or locked them out of accessing their online final exams.
Perhaps the most interesting statistic gathered from this survey was that only 0.9% of students found that OnGuard added to their CNU experience. Regardless of whether or not the student incorrectly selected one of the multiple choice answers or not, the one student who answered the survey believing that OnGuard added to their CNU experience qualifies as an outlier, and is not statistically significant enough to count towards the total data collection.
Fig. 1 through 5 suggest that the inclusion of OnGuard as a mandatory program to access the CNU WiFi is an unpopular decision based on student reactions. The majority of students state that the OnGuard requirement detracts from their overall experience. One student, Christoper Pandak, quotes that “OnGuard has made me download other programs to my computer, such as WeatherBug that slow down my computer. If I did not need OnGuard to connect to the internet at school, I would have deleted this application already. I agree that Christopher Newport University may need a program like this to help secure the network, but it would be nice to have a program that did not require us to download extra programs along with it.” OnGuard as a program has only seemed to hinder students’ ability to access the internet, and currently does not seem to have any benefits. ClearPass OnGuard is manufactured by Aruba Networks, a subsidiary of Hewlett Packard Enterprise Company (HP). Considering the technological giant that Hewlett Packard is, it would make sense that OnGuard is a viable, safe application. After doing a little research into OnGuard, it would seem that the application has had some severe backlash from other companies. It does not seem like a smart decision for CNU to begin implementing OnGuard without much backend research. Many companies express the same technical difficulties that CNU students have. OnGuard works occasionally, but most of the time wrongly quarantines, or restricts network access to legitimate users.
Creswell, John W. Qualitative Inquiry & Research Design: Choosing among Five Approaches. 2nd ed. Thousand Oaks: Sage Publications, 2007. Print.