Bypassing UCI Resnet’s Cisco NAC Appliance for Windows Users

On a school night, homework piles up, stress accumulates and the Cisco NAC Appliance denies you Internet Access because “your virus definitions are out of date.” This obnoxious, little appliance consumes precious time from college students for trivial problems such as Microsoft updates.

To bypass the Cisco NAC Appliance, simply change your user-agent on either Firefox, Google Chrome or Internet Explorer. Afterwards, you can login with your UCInet ID and password through any of the following browsers.

Bypass Cisco NAC Agent by Changing Your User-Agent

For Firefox

1. Enter about:config on your URL bar (where you type website names)
2. If a warning appears about voiding warranties, accept it
3. Right click anywhere on the Preference table to bring up the context menu
4. Select New to String on the context menu
5. Enter the preference name general.useragent.override
6. Enter the string value Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

For Google Chrome

1. Right click the Google Chrome shortcut to open the context menu
2. Select Properties on the context menu
3. Append --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1" to the target field

For Internet Explorer

1. Open regedit through Ctrl + R (opens the Run window) and enter regedit
2. Find the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
3. Create a new string value with the name Platform
4. Set the data to Linux x86_64

The substring, X11; Linux x86_64;, of the user-agent fools Resnet to believe that your Operating System is Linux instead of Windows. Find me on campus if you’d like a detailed explanation of user-agent switching.

Now you can uninstall the Cisco NAC Agent and/or McAfee Anti-Virus software to clean up your computer.

Why You Should Bypass Resnet’s Cisco NAC Appliance

Although tedious and ostensibly unnecessary, the purpose of Resnet’s Cisco NAC agent is described on their website:

For those of you who remember the 2004-2005 school year, you might also remember the onslaught of viruses and worms that caused interruptions to network services and severe degradation of network performance. Starting in the fall of 2005, Residential Network Services took a big step towards substantially reducing the effect of viruses and worms on our network. To protect student computers and ultimately the network we all share, we have installed a Network Admission Control system called “Clean Access”.

Benefits of the Cisco NAC Appliance

Saves you from trivial viruses that manifest on stupid mistakes like fake music torrents.

Benefits of Bypassing the Cisco NAC Appliance

1. Saves resources for other software and applications
2. Near-instant Internet access
3. Less restrictions for Internet access

Thus, by sacrificing trivial assurance of security, we gain near-instant Internet access on Windows:

Compare the Login Process on Windows to Linux and Mac

Trivially Connecting to the Internet via Resnet for Windows Users

Simply, there are three steps to gain Internet access on UCI’s Resnet services for Windows users:

1. Download Cisco’s NAC Appliance
2. Download Anti-Virus software with updated virus definitions
3. Download all critical Microsoft updates

For our technically-inclined demographic of college students (not limited to Computer Science majors), this process is tedious; however, for everyone else, this process is daunting.

How the Cisco NAC Appliance Restricts Internet Access

Virus definition updates and Microsoft updates must both adhere to the Cisco NAC Appliance’s subjective standards. The Cisco NAC Appliance will deny anyone that has difficult obtaining an Anti-virus with sufficient virus definitions and Microsoft updates.

Remember that this process is necessary to gain Internet access, implying that we must download and update software without full Internet access. It is nearly impossible but not entirely improbable.

Additionally, if the Cisco NAC Appliance, has bugs (as I have personally experienced), it will deny you Internet access.

Loose restrictions are better: what if you have an essay to upload in five minutes and Cisco demands Anti-Virus definition updates as priority?

Compare this process to Linux and Mac users.

Trivially Connecting to the Internet via Resnet for Linux and Mac Users

1. Visit a website e.g. Google
2. Login with your UCInet ID and Password

Absolutely trivial for Linux and Mac users. This does not mean that people should start switching over to Linux and Mac because of an hour of downloads and updates and possibly more for troubleshooting.

Instead, all we need to do a little hacking.