Educause Security Discussion mailing list archives
Re: Wireless Guest Access
From: "Koerber, Jeff" <jkoerber () TOWSON EDU>
Date: Thu, 28 Sep 2006 18:51:40 -0400
We broadcast our guest network and it only allows Web and IM traffic through and is separate from the rest of our campus network. We don't broadcast our secure network SSID and we require LEAP authentication against AD. On our university owned laptops (Dell Latitude D series with internal Dell Wireless cards), we configure them to use the windows login information; therefore, they only have to log into their laptop with their AD account and it automatically logs them into the wireless network. Since the login script runs, they even get their network drives mapped. The down side to this is that it significantly slows down login because the wireless utility has to load before they can log in (I teach them to use hibernate instead of shutting down). For non university owned laptops, they either use the guest network or they are prompted to authenticate to our secure network. We haven't had any legal or political battles and everyone seems happy with the network (we don't receive many complaints and we see lots of people using it). We occasionally get a guest who wants to VPN to another network and we have to explain that we don't allow that on our guest network. Hope this helps, Jeff Koerber Technical Services Coordinator Office of Technology Services Towson University Towson, MD ________________________________ From: Matt Arthur [mailto:arthur () WUSTL EDU] Sent: Thursday, September 28, 2006 11:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Wireless Guest Access Greetings, We are in the process of adding a couple hundred of the new generation centrally controlled wireless access points. Our current system requires a login and pw. The new system requires the same. We have had a discussion locally about adding a 'Guest' SSID that would not require a login and would ONLY provide access to web traffic. Our main goal is to allow visiting faculty, staff, prospective students, and parents to have a way to use their mobile device to check email via their yahoo account, web portal, etc... From a technical security point of view, we feel okay that folks won't be able to 'cross over' into our secure SSID area and if they download a virus/bot, it can't jump onto our network. My questions and concerns are more towards the political and legal side of things. Does anyone offer this type of wireless access? If so, are there legal/political battles that you have either fought or stepped around? Or does everyone still require some form of authentication? Thanks ahead of time! Matt Matthew K Arthur, CISSP Director, NTS-Enterprise Networks Washington University in St. Louis W: 314.935.7388, F:314.935.7142
Current thread:
- Wireless Guest Access Matt Arthur (Sep 28)
- <Possible follow-ups>
- Re: Wireless Guest Access Randy Marchany (Sep 28)
- Re: Wireless Guest Access HALL, NATHANIEL D. (Sep 28)
- Re: Wireless Guest Access Christopher Misra (Sep 28)
- Re: Wireless Guest Access Steve Lovaas (Sep 28)
- Re: Wireless Guest Access Geoff Nathan (Sep 28)
- Re: Wireless Guest Access Joe St Sauver (Sep 28)
- Re: Wireless Guest Access Matt Arthur (Sep 28)
- Re: Wireless Guest Access Steve Lovaas (Sep 28)
- Re: Wireless Guest Access Jeff Giacobbe (Sep 28)
- Re: Wireless Guest Access Koerber, Jeff (Sep 28)
- Re: Wireless Guest Access Geoff Nathan (Sep 29)