FAQ – NAC & EDR Systems
Workstations are exposed to a range of cyber threats related to their use by the employee, their definitions, and their connection to the organizational network and the Internet.
To reduce cyber risks throughout the University network, the University has chosen the solutions (NAC & EDR) that allows only computers, workstations and network components authorized and verified by the Computerization and Information Technology Department to use the University resources, and installing them on all of the University's computers.
Computers on which the EDR & NAC systems won't be installed by May 30, 2022, will be disconnected from the LAN network.
On this page we'll try to answer your questions
So what exactly is NAC/EDR and what is it used for?
NAC (Network Access Control) is a system that enables or prevents access to the organizational network like workstations, end points & IOT devices, for example: IP cameras, smart TV etc. This done by investigating the workstation or IOT devices, and enforcement in alignment with the information security policy as determined in advance.
The NAC system periodically conducts a routine check of the security mechanisms for all the computers and the end points equipment that connected to the University network, without damage to the routine operations by the user. The system verifies that the security policy set by the University, is in effect at the end computer or device. The check or the investigation in alignment with the NAC system is performed by the agent installation called SecureConnector which will be installed in all computers and all the operating systems – Windows, Mac & Linux.
The NAC agent enables immediate identification of security risks at the same station or end position connected to the operating system and handling the event in real time.
EDR (Endpoint Detection Response) is a system, which monitors the activity of the positions and servers in the organization. If a malicious activity is detected, an alert is sent and it can even handle the incident.
The EDR system periodically conducts a routine check of the security mechanisms for all the computers and the end points equipment that connected to the University network, without damage to the routine operations by the user. The system verifies that the security policy set by the University, is in effect at the end computer or device. The check or the investigation in alignment with the EDR system is performed by the agent installation called CrowdStrike Falcon Sensor which will be installed in all computers and all the operating systems – Windows, Mac & Linux.
The EDR agent enables immediate identification of security risks at the same station or end position connected to the operating system and handling the event in real time.
Are they imposing a heavy load on computer resources?
The softwares were installed and checked for several months on the computers in the Information Security Unit and the Information Technology Department of the University, and a pilot was made on 200 computers including research labs in our facutly, and it was found to work properly, and more then that, it was found to use very low memory and processing power; thus, it does not overload or slow down the computer.
On what computers should they be installed?
The systems should be installed on any computer purchased from a university budget connected to the university wired network using a network cable.
We emphasize that there is no need to install:
- On computers located in homes only.
- On computers that connect to the wireless network only.
- Private student computers *.
* It is important to clarify that these computers are not supposed to work on the wired network according to the university procedures, but only for the wireless network. Therefore, there is no need to install NAC and EDR software in them. Please note, if you still choose to install the above software, in order to remain connected to the wired network, this may have some effect on browsing at home and due to the organization's settings, and it will not be possible to remove the software. And we can not help remove them.
What to do with a computer that NAC/EDR systems aren't allowed to/cannot be installed on and must be connected to the wired network?
If you have such computers, please open a ticket using our e-mail: lifeguard@tauex.tau.ac.il
Please provide the following details in your mail:
- Name of the PI
- Computer's name
- IP Address
- Location: Building and Room No.
- Is this computer connected to Wired LAN?
- Which operating system is installed.
- Is it connected to a device?
- Reason for exclusion
What will happen if I don't install them?
In the event that you do not install them on your computer, your workstation will be blocked from entry and access to the University computer network.
How will guests' computers be connected to the network?
Guests coming to the campus with their personal computers will connect to the wireless network and therefore, will not need to install the softwares.
Will this prevent me from working with software installed on the computer?
There will be no interference in working with software installed on your computer, as long as no computer vulnerabilities have been identified that could risk the information on the computer and the university network.
How do I update the software?
The system updates itself frequently and completely independently.
Does the system collect data from outside of the University?
Don't worry, the system does not collect any data from your computer. It only checks that the computer is adequately protected for working on the network.
How to install the systems?
See instructions by Operating System:
