!

Secure Remote Access: Meeting Health Check Requirements

Overview

The Secure Remote Access Network Connect session establishes an Internet connection from your remote computer to the University network as a trusted device. To reduce the chances of an infected computer passing viruses via this connection, a Health Check checks configuration settings on your computer each time it connects to Network Connect. If the requirements are not met, the computer is at a greater risk of being infected and will be denied access to Network Connect. In order to pass Health Check, your computer must meet the following criteria:

  • Operating system is Windows Vista Service Pack 1, Windows 7, or Windows 8. 
    Note: Macintosh and Linux systems pass the Health Check.
  • Microsoft Automatic Software Update turned on so you can receive the latest security patches.
  • A compatible anti-virus software program is installed (see Appendix)
    Note: Symantec Endpoint Protection is the University’s recommended and officially supported anti-virus solution. It can be downloaded at no cost via the Software Download Service at My Pitt (my.pitt.edu)
  • A software firewall must be installed and enabled on your computer.

Microsoft Automatic Software Updates

Your computer must be configured to automatically check for and install Microsoft Automatic Software Updates.  The updates are released by Microsoft on the second Tuesday of every month, and address security vulnerabilities and bug fixes for Microsoft products. The following steps will configure your computer to receive automatic updates.

1.  From the Start menu, select Control Panel.
Note: Windows 8 users should type in the words “Control Panel” from the Windows 8 ‘tiled’ desktop, then select Control Panel from the results that are displayed.
2.  Double click on the security settings option for your machine type:

Windows Vista Service Pack 1

Windows 7 and Windows 8

3.  Windows Vista Service Pack 1 Users click on Windows Update in the upper left-hand corner. Windows 7 and Windows 8 users click Windows Update.

Windows Vista Service Pack 1

Windows 7 and Windows 8

VistaSP1_Win_Update_1

4.  Windows 7 and Windows 8 Users need to select Change settings in the upper left-hand corner. If you are a Windows Vista Service Pack 1 user, you can proceed to the next step.

VistaSP1_Win_Update_2

5.  For Windows 7, and Windows 8 users, any of the automatic options are acceptable, but it is recommended that users select Automatic with installation on a daily schedule. The default time for installation is 3:00 am, but it can be set to any time that is convenient for you.

Windows Vista Service Pack 1

Windows 7 and Windows 8

VistaSP1_Win_Update_3

 

CSSD also offers an automatic update service that can be downloaded from the Software Download Service at My Pitt. Information on the service, software download, and configuration are available at technology.pitt.edu.

Anti-Virus Protection

Symantec Endpoint Protection is the officially supported anti-virus solution at the University of Pittsburgh and is the recommended anti-virus solution for use with the Secure Remote Access service. Students, faculty, and staff can download Symantec at no cost through the Software Download Service at My Pitt. LiveUpdate is a critical component of Symantec Endpoint Protection. This feature is activated by default during installation and checks for the latest anti-virus and anti-spyware definitions available from Symantec.

The appendix at the end of this document lists a number of other anti-virus programs that should pass the Secure Remote Access Service’s Health Check. If you are not able to connect using these anti-virus programs, we recommend you install Symantec Endpoint Protection.

Personal Firewalls

A personal firewall is a software application used to protect your computer against intruders when the computer is connected to the network. The firewall can be configured to control network connections to and from your computer, filtering traffic that comes into or leaves your computer, and alerting you to attempted intrusions. Health Check verifies that firewalls are installed and activated on your computer, including products from Black Ice, McAfee, and Norton. 

Note The Technology Help Desk at 412 624-HELP [4357] is available 24 hours a day, seven days a week to answer your technology-related questions. Questions can also be submitted via the Web at technology.pitt.edu.

If you do not have a personal firewall on your computer, you can use the Windows Firewall that is built into Windows Windows Vista Service Pack 1, Windows 7 and Windows 8. To enable Windows Firewall:

1.  From the Start menu, select Control Panel.

Note: Windows 8 users should type in the words “Control Panel” from the Windows 8 ‘tiled’ desktop, then select Control Panel from the results that are displayed.
2.  Double click on the security settings option for your machine type:

Windows Vista Service Pack 1

Windows 7 and Windows 8

3.  Windows Vista Service Pack 1, Windows 7, and Window 8 users click on Windows Firewall.

Windows Vista Service Pack 1

Windows 7 and Windows 8

VistaSP1_Win_Firewall_1

4.  If you are a Windows Vista Service Pack 1 or a Windows 8 user select the Turn Windows Firewall on or off link to get the settings page. If you are a Windows 7 user, you can proceed to the next step.

VistaSP1_Win_Firewall_2

 5.  Windows Vista Service Pack 1 users select On to enable the firewall and click on OK. Windows 7 Service Pack 1 and Windows 8 users select Turn on Windows Firewall for both private and public location settings and click on OK.

Windows Vista Service Pack 1

Windows 7 and Windows 8

remediation-firewall

Appendix: Anti-virus Tools (Products and Versions) Compatible with the Health Check

Symantec Endpoint Protection is the officially supported anti-virus solution at the University of Pittsburgh and is the recommended anti-virus solution for use with the Secure Remote Access service. It can be downloaded at no cost from the Software Download Service at My Pitt. The vendor of the Secure Remote Access Service confirms that the following anti-virus products will also pass the Health Check. If you are not able to connect using these anti-virus programs, we recommend you install Symantec Endpoint Protection.

AVG 10 [AntiVirus] (10.x)
AVG Anti-Virus Free (10.x)
AVG 9 [AntiVirus] (9.x)
AVG Anti-Virus Free (9.x)
AVG 8.0 [AntiVirus] (8.x)
AVG Anti-Virus Free (8.x)
ESET NOD32 Antivirus (5.x)
ESET NOD32 Antivirus (4.x)
ESET NOD32 Antivirus (3.x)
FortiClient (4.x)
FortiClient Endpoint Security (4.x)
FortiClient Consumer Edition (3.x)
Kaspersky Anti-Virus (11.x)
Kaspersky Anti-Virus 6.0 (6.x)
Kaspersky Anti-Virus for Windows Workstations (6.x)
Kaspersky Internet Security (9.x)
Kaspersky PURE (9.x)
McAfee VirusScan Enterprise (8.7.x)
McAfee VirusScan Enterprise (8.x)
McAfee VirusScan (15.x)
McAfee VirusScan (14.x)
McAfee VirusScan (13.x)
McAfee VirusScan (12.x)
Microsoft Forefront Client Security (1.5.x)
Microsoft Security Essentials (4.x)
Microsoft Security Essentials (2.x)
Microsoft Security Essentials [Antivirus] (1.x)
Sophos Anti-Virus (7.x)
Symantec Endpoint Protection (12.1.x)
Symantec Endpoint Protection (12.x)
Symantec Endpoint Protection (11.x)
Trend Micro, Inc.
Trend Micro Core Protection Module (1.x)
Trend Micro OfficeScan Client (8.x)