Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: quick poll please.. unauthenticated wireless

From: ken lindahl <lindahl () BERKELEY EDU>
Date: Tue, 20 Apr 2010 13:25:08 -0700
On 4/20/2010 12:25 PM, Barros, Jacob wrote:

Do you offer unauthenticated wireless for conference facilities?


no. we offer a guest service in which an authenticated member of the campus community can create short-lived (1-7 days) 
accounts/passwords for campus visitors. the entry page for creating these accounts includes the following:

 "The creator of a guest account is the contact for any security or policy concerns related to the use of the guest 
account. The creator of a guest account must ensure that the user of the guest account abides by the terms and policies set 
forth in the following websites:

"[list of URLs specifying campus use policies]

"Any guest account (and/or associated computer) found to be in violation will be blocked from further access to [campus 
wireless service]."

i don't really think this provides us much assurance in practice, although there have been a few occasions when 
infected machines have been detected, blocked and a request sent to the creator to inform the visitor of the problem.


Is that wireless encrypted?


no. we emphasize the importance of end-to-end encryption.


Is it a completely separate network / just internet access only?


no. our wireless service is a part of the campus network.

ken
Previous By Date Next
Previous By Thread Next

Current thread: