Educause Security Discussion mailing list archives
Re: Guest WiFi Access
From: Mark Monroe <markm196 () NETSCAPE NET>
Date: Thu, 8 Sep 2011 12:03:49 -0500
We have port locking enabled on all wired ports on campus including labs/classes and offices.. This prevents the unplug option..
As for guests, I have an app, that faculty and staff can use to "vouch" for a guest and create an account for them that lasts 1, 3 or 7 days, the account is tied back to the creator, which is who I send the FBI to when they come calling.. the account only has permission to register their system on the guest wireless network (own firewall segment away from campus) and cannot auth on any campus computers or systems..
We use Bradford as our nac for wireless and all wired ports to do the registration.. if that matters..
Mark Monroe Information Security Officer University Of Missouri St. Louis (314)516-4859 On 9/8/2011 11:41 AM, David Gillett wrote:
Dave Koontz wrote:Students, guests, and others can just plug themselves into any wired jackwithout IT knowledge (in mostorganizations)... and they often do. We find people unplugging labcomputers, printers, etc. and patchinginto the jack.This is a recurring issue for us, too. We do have a couple of small areas where wired jacks are deliberately provided for visitors to plug into, but I'm talking about students who walk into a lab, unplug a computer provided by the college, and plug their own device in instead. Oh, and if they have to cut a plastic tie-strap to do that, it barely slows them down.I don't believe CALEA has separate rules as to how someone accesses acampus network or the internet, be itwired or wireless. Someone please correct me if I am wrong.I don't believe the questioner was asking about provisions of CALEA per se, but about the FCC's ruling (early 2009 if I recall correctly) that providers of *public* Internet access are bound by CALEA -- i.e., must have resources in place to allow easy/prompt intercept and recording of voice (VOIP) traffic. My impression is that most higher-ed institutions have chosen to shield themselves from this requirement by ensuring that their networks are *private*, with the possible exception of areas where they qualify for exemptions to the FCC ruling -- in libraries, for instance. (We had an incident on one campus where an instructional assistant decided to "fix" the limited coverage of our guest wireless by putting up his own router, using our guest SSID, in an area that did not qualify.... If he had simply reported the disappointing coverage, we would have explained to him the legal constraint under which we operate.) David Gillett, CISSP CCNP Sr, Security Engineer Foothill-De Anza College District
Current thread:
- Guest WiFi Access Crim, David (Sep 07)
- Re: Guest WiFi Access Julian Y Koh (Sep 07)
- Re: Guest WiFi Access Roger A Safian (Sep 07)
- Re: Guest WiFi Access Dexter Caldwell (Sep 07)
- Re: Guest WiFi Access Gregory Williams (Sep 07)
- Re: Guest WiFi Access Dave Koontz (Sep 07)
- Re: Guest WiFi Access Parker, Ron (Sep 08)
- Re: Guest WiFi Access David Gillett (Sep 08)
- Re: Guest WiFi Access Mark Monroe (Sep 08)
- Re: Guest WiFi Access Tim Doty (Sep 08)
- Re: Guest WiFi Access Foerst, Daniel P. (Sep 08)
- Re: Guest WiFi Access Roger A Safian (Sep 09)
- Re: Guest WiFi Access Mark Monroe (Sep 09)
- Re: Guest WiFi Access Roger A Safian (Sep 09)
- Re: Guest WiFi Access Dave Koontz (Sep 07)
- Re: Guest WiFi Access Julian Y Koh (Sep 07)
- Re: Guest WiFi Access Alexander Kurt Keller (Sep 08)
- <Possible follow-ups>
- Re: Guest WiFi Access markm196 (Sep 08)
- Re: Guest WiFi Access markm196 (Sep 08)
- Re: Guest WiFi Access Jeff Kell (Sep 08)