Educause Security Discussion mailing list archives
Re: Pervasive Campus Wireless
From: "Avdagic, Indir" <indir_avdagic () WSU EDU>
Date: Fri, 23 Jan 2009 14:22:00 -0800
We are using Cisco Wireless Control (WCS) to support guest wireless access. Cisco recommends the use of a controller dedicated to guest traffic. This controller is known as the guest anchor controller. The selection of the guest anchor controller is a function of the amount of guest traffic as defined by the number of active guest client sessions, or as defined by the uplink interface capacity on the controller, or both. A maximum of 2048 guest usernames and passwords can be stored on each controller_s database. Therefore, if the total number of active guest credentials is in excess of this number, more than one controller will be needed. Because of this limitation it is highly recommended usage of external RADIUS server. Also, we use Cisco Wireless Control (WCS) for centrally creation and management of guest accounts. A WCS administrator can establish a limited−privilege administrative account within WCS that permits lobby ambassador access for the purpose of creating guest credentials. In WCS, the person with a lobby ambassador account is able to create, assign, monitor, and delete guest credentials for the controller serving as a guest anchor controller. The lobby ambassador can enter the guest username (or user ID) and password, or the credentials can be auto-generated. There is also a global configuration parameter that enables the use of one username and password for all guests, or a unique username and password for each guest. If the WCS is not deployed, a WCS administrator can establish a lobby ambassador account on the guest anchor controller. A person who logs into the guest anchor controller using the lobby ambassador account will have access only to guest user management functions. I hope this helps. ____________________________________________ Indir Avdagic, CISSP, ACSA, TICSA Network Security Engineer Washington State University indir_avdagic () wsu edu Phone: (509) 335-3279 http://infotech.wsu.edu/security/ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eme Ejike Sent: Friday, January 23, 2009 10:27 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Pervasive Campus Wireless Since the focus of providing access to the wireless system is geared primarily for visiting guest. We are of the stance that some sort of sponsorship is applicable. Our current approach was developed as a use case. Additionally, accessibility was of the utmost concern. Don't forget the sponsorship request is an online/web service that could be potentially available to all associated university community members if the need be. The system is managed on our enterprise IDM segment. This decision is determined by management. By providing some form of accountability not only do we cover mandated state regulations but we also leverage our resources in detecting and determining sources of threats or vulnerability to our network environment. Eme Ejike Old Dominion University Systems Security Officer 4700 Elkhorn Ave - Room 4300 Norfolk, Va, 23529 USA Phone: (757) 683-6755 eejike () odu edu The information in this email and any attachments may be confidential and privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient (or the employee or agent responsible for delivering this information to the intended recipient) please notify the sender by reply email and immediately delete this email and any copies from your computer and/or storage system. The sender does not authorize the use, distribution, disclosure or reproduction of this email (or any part of its contents) by anyone other than the intended recipient(s). No representation is made that this email and any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. Dick Jacobson wrote: On Thu, 22 Jan 2009, Jerry Sell wrote: I have seen several responses to this and have a couple questions. First, if your guest is "sponsored" and "authenticated" is this really an "open" system ? I interpret "open" as unauthenticated and providing the service (intentionally or not) to the community at large (including the institutional community). With that in mind, and with the legislative environment of the last several years, is there not a great risk in anonymously providing access to the larger community ? My superiors are interested in gathering some data concerning what other universities are providing open access guest wireless services on their campuses. It would be helpful to us if we could enlist your input on the following questions. 1. Does your university provide an open access Wifi system for guests on campus? 2. If so, does it have encryption of any kind setup? 3. Do you use a third-party subscription service such as Boingo, or do you have your own subscription service, or no subscription required? 4. If you don't require any authentication/subscription, how does your University feel about the risk of providing an anonymous platform that can be used for illegal activity? Have they accepted the risk? Do they not feel the risk is great enough to mitigate? Many thanks in advance to those who respond. Thank you, Jerry Sell, CISSP Security Analyst Brigham Young University (801)422-2730 Jerry_Sell () byu edu<mailto:Jerry_Sell () byu edu> <mailto:Jerry_Sell () byu edu> ----------------------------------------------------------------------- Dick Jacobson e-mail : Dick.Jacobson () ndus NoDak edu NDUS IT Security Officer office : STTC 219 phone : 701-231-6280 <NEW phone number> -----------------------------------------------------------------------
Current thread:
- Re: Pervasive Campus Wireless, (continued)
- Re: Pervasive Campus Wireless Theresa Semmens (Jan 22)
- Re: Pervasive Campus Wireless Dergenski, Todd A. (Jan 22)
- Re: Pervasive Campus Wireless Alex (Jan 22)
- Re: Pervasive Campus Wireless Randy Marchany (Jan 22)
- Re: Pervasive Campus Wireless Hugh Burley (Jan 22)
- Re: Pervasive Campus Wireless Dick Jacobson (Jan 23)
- Re: Pervasive Campus Wireless Barros, Jacob (Jan 23)
- Re: Pervasive Campus Wireless Basgen, Brian (Jan 23)
- Re: Pervasive Campus Wireless Kevin Lanning (Jan 23)
- Re: Pervasive Campus Wireless Eme Ejike (Jan 23)
- Re: Pervasive Campus Wireless Avdagic, Indir (Jan 23)
- Re: Pervasive Campus Wireless Josh Richard (Jan 26)