Stanford University School of Earth Science
 
Home
News
New Users
Policies
Network File Server
Web Server
Get Help
Net Connections
    Setup a Computer
   Setup a Printer
   Get Software
   File Sharing
   Security Issues
   FAQ
   Reference
Your Macintosh
Your Windows PC
Your Unix/Linux System
Other School Resources
Using Unix

Network self-registration for desktop and laptop computers

Last revision January 22, 2008

Self-registration is the only supported method to register common desktop and laptop computers on the Earth Sciences network, whether Stanford owned or personally owned. You must meet the following qualifications:

  • The computer runs one of these operating systems: Windows 2000, Windows XP, Windows Vista, Mac OS X, or a desktop Linux distribution. Other operating systems must use the manual registration form.

  • Due to restrictions in our CRC workstation support contract, Stanford-owned Windows PCs must run either XP Professional, Vista Business, Vista Enterprise, or Vista Ultimate; home or media center editions are only acceptable for personally owned computers. Stanford-owned Macintosh PCs must run Mac OS X version 10.3 or later. Earlier versions are only acceptable for personally owned computers.

  • You have a valid SUNet ID.

  • You use a login account on your computer with administrative rights while registering. Administrative rights will be needed to make security settings and install patches and required software.

  • The computer's primary base on campus is in the School of Earth Sciences, which includes all offices and laboratories in the Geology Corner, Mitchell Earth Sciences Building (except the Branner Earth Sciences Library), Green Earth Sciences Building, or the Yang and Yamazaki Environment and Energy Building (Earth Sciences portions). If your primary location is not on the Earth Sciences network, contact the local network administrator for your department to register there.

  • The computer will not be regularly used in an on-campus student residence. If you are an on-campus student registering your personal computer, go to the residential computing web site.

  • You can access a wired network jack in Earth Sciences that is not located in Branner Library or the Hartley Conference Center. These two areas have their own networks. You cannot perform the registration via wireless connection, but once registered, your computer will work on Stanford's wireless network. Make sure your wireless adapter is turned on while registering so it will be noticed.

The goals of the network self-registration system are to collect necessary information about the computer in a mostly automatic fashion; to "quarantine" the computer on a special network that is safe from hackers while basic security of the computer is verified; and then to register the computer for full network access, including roaming access to other campus networks besides the primary location, and wireless access if the computer has a wireless adapter.

How to use network self-registration.

First, make sure that your computer is configured to use the DHCP protocol (sometimes called "automatic configuration") to acquire its TCP/IP settings. This is the default configuration method for all modern computers. If you have changed your settings to any manual configurations, you must restore them to DHCP. You must remove any IP address, IP domain, DNS Server, gateway, or netmask settings that you may have made manually and select pure DHCP.

Next, connect the wired ethernet interface from your computer to one of the active network jacks in any office or lab in the Earth Sciences buildings (except Branner Library and the Hartley Conference Center). You must connect your wired interface; you cannot register via wireless. If your computer has a wireless adapter, make sure it is turned on while registering so it will be noticed and registered.

If your computer is wireless only and has no standard wired ethernet interface, you must register by the manual registration method.

After connecting to the Earth Sciences network, open any web browser program on your computer and go to the Network Self Registration web site at

http://snsr.sunet/

Until your registration is complete, the campus routers will "quarantine" your computer and only allow it to access the Network Self Registration web site and other sites to which it directs you.

Network quarantine protects your computer from being seen or probed by hackers while it is being tested, upgraded, and registered. Statistics collected by the Distributed Intrustion Detection System show that a Windows PC that is lacking essential security patches and settings will be probed and compromised by hackers within minutes of connecting to the public Internet (which includes the Stanford network).

Simply follow the instructions on the self-registration web site, using the big Continue buttons to advance through the steps. Briefly, you must login with a SUNet ID, provide information about your computer, and run the Stanford Computer Health Check program. You may need to install security patches or anti-virus software to pass the health checks. If you must restart your computer after installations, run the health check program again to continue. After you have completed all requirements, your computer information will be entered into Stanford's network registration database. The Stanford DHCP servers will be upgraded within 20 minutes. You then either renew your DHCP lease or restart your computer to get full campus and Internet access.

Details of the self registration procedure.

The rest of this page gives a more complete description of the steps involved in network self-registration. Continue reading if you want to know in advance what you are getting into!

On the first page, you must agree to abide by the provisions of the Stanford University Computer and Network Usage Policy. Even if you don't bother to read the policy shown on this web page, you will be held to its standards, so you should at least read the summary.

Next, you must login with your SUNet ID and password on the standard Stanford Webauth page. Only SUNet ID holders may register their computers for use on Stanford's network. A limited form of guest access is available for Stanford's wireless networks and may eventually be extended to the wired network.

The next registration page will ask you to select your department and building location from drop-down menus, and enter your room number. Your specific department or program should be listed as the default; if not, please select the correct one from the drop-down menu.

Another page collects information about your computer. The self registration system tries to guess your computer type and operating system; correct its guesses as needed using the drop-down menus. A unique network name based upon your SUNet ID will be assigned to your computer. You may edit that name to select one of your own choosing. The program will check to make sure that your desired name is not already in use on the network. You can check a desired name in advance using this web page.

The final information you must provide is to select whether this computer is owned by Stanford or is your personal property, and to select whether it will be used to contain restricted data.

The School of Earth Sciences provides full support for Stanford-owned computers and only limited support for personally owned computers, under the provisions of its Desktop Computing Support Policy.

Only select "yes" to the restricted data question if you plan to store such data on your computer. Just using your computer to access such data on servers does not count. Restricted data includes personally identifiable information about others (such as social security numbers or health information) as well as sensitive information such as Stanford financial data. The question on restricted data alerts our support staff that this computer may need additional security configurations.

You will be asked to download and run the Stanford Computer Health Check program.

The health check program is designed to check for and enforce security requirements. Departments have some discretion to select which features are required on their network. In the School of Earth Sciences, all security features checked by this tool are required before your network registration will be completed.

For both Windows and Mac OS X, the health check program verifies that you have set non-trivial passwords on your local accounts, that you have properly configured "Windows Updates" on a Windows PC or "Software Update" on a Mac to check regularly for new security patches, and that you have installed all critical security patches released by Microsoft or Apple.

If you are missing security patches, the health check program downloads and installs Windows patches directly for you. For Mac OS X, it opens the Software Update application so you can download and install Apple's patches. After you install patches, restart your computer and then re-run the health check program to continue.

For both Windows and Mac OS X, the health check program requires that you have a modern anti-virus program installed. If it does not detect one, it directs you to install the Stanford site-licensed version of Symantec Anti-Virus from the Essential Stanford Software web site. After installing anti-virus software, restart your computer and then re-run the health check program to continue.

For Windows, additional security checks are done. The health check program makes various registry settings to improve security and runs the Microsoft Malicious Software Removal Tool to remove the most common virus and worm programs, if any are present.

For Windows, the health check program also requires that you install the site-licensed BigFix patch management program from the Essential Stanford Software web site. No restart is needed.

BigFix operates as a backup to your automatic "Windows Updates" settings, to make sure security patches are installed. Our desktop support technicians can use it to remotely query the security status of your PC. It also allows the campus Windows infrastructure team to quickly force out a patch to your computer in the event of a security emergency. This was used effectively during the Zotob/Esbot infection that swept campus in August, 2005, for example, to cut the probability of infection by a factor of ten for PCs running BigFix.

If you are registering your personal computer, when you leave Stanford, you should remove the BigFix program (using the Add/Remove Programs control panel).

After passing the security checks, and clicking the Continue button in the health check program, your information will be entered in the campus network database to register your computer, and you will be sent to a web page that describes Earth Sciences specific configurations that you should make. That web page is the same one referenced in the Next Step link at the bottom of this page.

Wait about 20 minutes for the campus DHCP servers to be updated, and then you should be able to access the full campus network and Internet. You must either renew your DHCP lease or restart your computer.

The ITS Network Self-Registration web site provides details of the system internals for local network administrators.

 
<--Previous Step Overview Next Step-->

 


Comments?

Stanford University    |