From CIT Wiki
Safe•Connect Authentication Frequently Asked Questions
What is Safe•Connect and why is it being used?
Safe•Connect is a network access control technology the college is using so it can provide wireless network services that comply with Oberlin College policy: CIT reserves the right to monitor systems necessary to protect the integrity, security, or functionality of College computing resources, when it is suspected that an account or system is engaged in unusual or excessive activity or it has good cause to believe that regulations, rules, or laws are being violated.
Safe•Connect will require users to authenticate with a username and password before allowing them to use network services. When you authenticate, the system records which network address you were assigned and how long you used it. Your username and password are your keys to the network; don't share them with anyone. You are responsible for all acts performed using your account, including copyright violations. If you are concerned that someone may be able to use your account, change your password immediately.
Safe•Connect can currently only enforce the configuration requirement on systems running the Microsoft Windows or Macintosh OS X operating system. Client applications are being created for other operating systems. When those clients are available, the campus will require their use too.
We had a NAC before. Why do we need to change to Safe•Connect now?
CIT has been using a Network Access Control (NAC) product for network authentication/access control for the past 4-5 years. This product has reached the end of its life; it's no longer able to handle the latest threats - newer viruses and worms, etc.
CIT has been researching newer NAC technology for the past year and have been extensively testing Safe•Connect this summer. This product provides many enhanced capabilities we believe are essential to helping keep our IT environment safe and secure. Additionally, it is one of few network authentication control systems that allows near-equal scanning ability for both Macintosh and Windows; most products are compatible with Windows only or provide very little information about Macintosh.
What do I need to do?
First and foremost, you must know your ObieID username and password. Your password should be kept secret. Do not ever write it down or share it with anyone.
Secondly, if your device is running a Microsoft Windows or Macintosh OS X operating system you will also need to:
- have an updated anti-virus application,
- have the Safe•Connect client application installed and running
It is critical that you have only one anti-virus program installed on your computer. Having multiple anti-virus programs installed may result in false readings and prevent you from using the network services.
How do I get and install the Safe•Connect client?
If your computer is NOT running Microsoft Windows or Macintosh OS X you do NOT need to download and install the policy key application.
On Windows
- Open a web browser. You will be prompted to download the application.
- When prompted to either run or save the file, click the "Run" button.
- After the installer downloads it will run.
- Follow the prompts presented by the installer to proceed through the installation process. You can expect to click an "Install" button to start the installation process and a "Finish" button when the installation has completed successfully.
- The PolicyKey.exe application will be running as a background process and will start automatically each time you start up your computer.
If you would like screenshots of the entire installation process or details on a warning screen you have received, click here.
On Macintosh OS X
- Open a web browser. You will be prompted to download the application.
- Save the Policy Key software to the desktop.
- If the install process does not begin automatically, double click the ZIP file that was downloaded and the installer should be placed on the desktop.
- Double click the installer PKG file to begin the installation process.
- Click "Continue" to advance.
- On the next screen of the installer, click "Install" to continue. You may be asked to provide your Mac OS X administrator username and password to continue.
- Once the installation is complete you should get the following "Install Succeeded" message. Click "Close" to finish the installation.
If you would like screenshots of the entire installation process or details on a warning screen you have received, click here.
On Linux and Other WiFi Compatible Devices
Linux machines, iPhones, and iPod Touches do not yet have a Safe•Connect policy key, but will still be required to authenticate. Nintendo Wii, Microsoft XBox, and Sony PS3 systems should be automatically recognized by Safe•Connect and will not be required to authenticate. If your device can connect to WiFi and you are still having difficulty reaching the Oberlin College network, please contact the CIT Help Desk (x58197) for assistance.
Do I have to use the Safe•Connect Policy Key?
Yes. All Microsoft Windows PCs and Macintosh computers are required to use the Safe•Connect Policy Key to ensure a safe computing environment for all and it is required for network access.
You can uninstall Safe•Connect Policy Key at any time; however within minutes you will then be unable to access the Internet through a campus network running NAC. You will be required to reinstall the Policy Key as if you are a new user to gain Internet access.
How often do I have to authenticate?
Safe•Connect requires reauthentication once per semester or when the IP address on your computer changes, whichever comes first. On mobile devices and computers that do not have the Policy Key installed (e.g., Linux, iPhone), authentication is only required once as long as you use your device on ObieWiFi regularly. A period of inactivity over several days will require reauthentication.
Are guests required to install the Safe•Connect Policy Key?
Yes, guests are required to install the Safe•Connect Policy Key or will not obtain network access. Once installed, the Policy Key is clearly listed in Add/Remove Programs (on Windows) and in the Applications folder (on a Macintosh) and can be easily uninstalled when guests leave Oberlin. Guests must also have a sponsored account created for them by a current faculty member, staff member or student. They may authenticate using this username and password.
How do I know the Safe•Connect Policy Key is running?
On Windows machines with Windows 2000 or Windows XP, you can right-click any blank space on the task bar at the bottom of your screen and select the option “Task Manager”. When the Windows Task Manager appears, click the “Processes” tab and look for the process “SCClient.exe”. Mac OS users can open the Activity Monitor located in the Utilities folder. From the Activity Monitor, look for the process Policy Key. If this small application is uninstalled or disabled, the system will disallow network access until the end user reauthenticates and reinstalls it, to ensure proper network safeguards are being made at all times.
Is the Safe•Connect Policy Key compatible with my system?
The Safe•Connect Policy Key is compatible with and required for Windows and Macintosh OS X systems. At the present time, Linux, and FreeBSD machines are not required to install the Policy Key but will still be required to authenticate using a valid ObieID and password.
What are the things Safe•Connect checks for?
The Safe•Connect Policy Key continuously validates that your system meets minimum security requirements as per Oberlin College's acceptable use policy.
- Authentication: Required once per semester or when the IP address on your computer or mobile device changes, whichever comes first
- Policy Key: If using Windows or Mac versions 10.3 and higher and do not have policy key installed, you will not be able to access the network.
- Windows Operating System Updates: If Windows is not set to check for automatic system updates, pop-up web browser warnings will be issued. After four warnings issued every 24 hours have been given, you will be warned once per week.
- Anti-Virus Software Installed and Running: If anti-virus software is not detected installed and running, pop-up web browser warnings will be issued. After four warnings issued every 24 hours have been given, you will be warned once per week.
- Anti-Virus Software Up-to-Date: If anti-virus software is out-of-date, pop-up web browser warnings will be issued. After four warnings issued every 24 hours have been given, you will be warned once per week.
- Peer-to-Peer Software Running: If P2P software is detected running, pop-up web browser warning will be issued every other day.
You can download free anti-virus software by accessing CIT's download page here and entering your ObieID and password.
Which anti-virus software can I use?
Safe•Connect recognizes many anti-virus programs and is not limited to the products that CIT provides for free on its downloads page (Sophos for Macintosh and McAfee for Windows). Recognizes anti-virus programs include:
- Authentium
- Avast AV
- AVG
- AVGuard
- BitDefender
- EZ Antivirus
- Kaspersky
- McAfee
- McAfee NA
- McAfee 45
- NOD32
- Panda
- Sophos
- SpySweeper AV
- Symantec
- Symantec Corporate
- TrendMicro
- TrendMicro Corporate
- ZoneAlarm AV
What are the benefits?
The Safe•Connect Policy Key is part of CIT's effort to help keep the computers on its network as free as possible from viruses, spyware, and operating system security holes. Machines protected in this way generally perform much better and require much less downtime due to damage caused by malicious software. Also, the Safe•Connect Policy Key can help to ensure that the average user has the fastest possible browsing experience while connected to Oberlin College's network. It does this by ensuring that communication from malicious software does not flood the College's internet connection, resulting in much slower connections for legitimate users or by restricting certain applications that would otherwise consume an unfairly large share of the school's bandwidth, again resulting in a slower connection for the majority of users.
What if my system is not up-to-date?
If your system has been determined not to be up-to-date, a web browser will open and you will be warned of non-compliance. If you require assistance in updating your computer, please call the Help Desk at x58197.
What about my privacy?
Your privacy is important to us. The Safe•Connect Policy Key checks only for the following:
- DNS Server settings
- DHCP Settings
- MAC and IP Address of default gateway
- IP Address
- Windows Update settings
- Whether or not (and which) anti-virus solution is installed
- Whether or not anti-virus definitions are up-to-date
- Whether or not an anti-virus program is running
- Whether or not a P2P file sharing application is running
The policy key software application can be easily removed when one departs. This application is not an intrusive one. It can't look at content on a user's computer. Its only purpose is to check for the processes we have configured it to look for: current anti-virus software and current Microsoft updates, plus known P2P file-sharing programs. Regarding P2P file-sharing programs, we have configured the system to provide warnings to the user they have this software, as well as advice on how to resolve this (delete the program or disable file-sharing). Our objective is to educate users so they do not end up with copyright violations.
Impulse Point, the company that created the Safe•Connect product, has released a privacy statement which is available for download (.pdf) here: Safe•Connect Privacy Statement.
How are P2P file sharing applications monitored?
CIT is required to ensure compliance with various federal and state laws.
Computers connected to the Oberlin College network that are running the Safe•Connect client continually monitor to see whether P2P file sharing applications are running at a given time. A pop-up browser warning will be issued if the program is detected running.
Can you see everything on my computer?
No. The Safe•Connect software cannot take a snapshot of an entire system and cannot identify all the programs, file or folders on a given computer.
Will I receive a notice if Safe•Connect is changed to implement other features?
CIT will ensure that barring any unforeseen emergencies, proper notice will be given for any implementations of other Safe•Connect features or product enhancements before any policy change is made. Proper notice will also be given prior to Safe•Connect policy changes for College legislative compliance.
Where do I get help with a warning message I received from Safe•Connect?
If you would like details about a warning screen you have received, click here. Alternatively, call the CIT Help Desk (x58197) for personal assistance.
How do I uninstall the Safe•Connect Policy Key?
On Macintosh
Open the Applications folder and locate "SafeConnect.app". Right-click (or Control-Click) on the SafeConnect.app and select "Show Package Contents." Open up the Contents folder, and you'll see the "SCUninstall.app". Run this uninstaller.
On Windows XP
Open the Control Panel and choose Add and Remove Programs. Find SafeConnect in the list and choose Uninstall.
On Windows Vista
Open the Control Panel and choose Programs and Features. Find SafeConnect in the list and choose Uninstall.
Known Issues with Safe•Connect
Unable to Install Policy Key on Mac OS X 10.3.9
The Safe•Connect Policy Key cannot be installed on computers running OS X 10.3.9. CIT recommends that faculty and staff people request a computer upgrade of their college-owned machines and that students, if possible, upgrade their own machines to OS X 10.4 or above. If for some reason you cannot upgrade your computer to 10.4 or above, please contact the Help Desk (x58197) for further assistance.
Windows XP Repeatedly Asking for Policy Key Installation
In several instances, users have installed the Policy Key on computers running Windows XP and have continued to receive pop-up web browser windows indicating that this step was still required. In this case, uninstall the Policy Key through Add/Remove Programs and head to the downloads page on CIT's website to download and install a new copy of the Policy Key. Note: You will need to enter your ObieID and password to reach the downloads page.
If you have difficulty uninstalling the Policy Key, open Windows Task Manager (Ctrl+Alt+Delete) and click on the Processes tab. Highlight the process called SCClient.exe and click End Process at the bottom of the window. Then proceed with the uninstallation/reinstallation process noted above. Should you have additional issues or other questions, please contact the Help Desk (58197) for further assistance.
Mac OS X 10.4+ Repeatedly Asking for Policy Key Installation
Reinstall the Policy Key using the one available for download on CIT's website. Note: You will need to enter your ObieID and password to reach the downloads page. If you have continued problems after reinstallation, please contact the Help Desk (x58197) for further assistance.
OnCampus/Blackboard Loads Instead of My Homepage
Occasionally, and each time you need to authenticate, you will be redirected to OnCampus/Blackboard instead of your homepage when opening a web browser. However, you should still be able to browse the web uninterrupted.
I can browse for a few minutes and only asked to authenticate later. Why is this?
Safe•Connect may not catch your computer or mobile device immediately after turning it on. Rather, it may catch your computer or device and ask for authentication after some traffic has passed across the network. If you find yourself unable to continue browsing or using other web services on your mobile device, simply open a browser and authenticate.
