Educause Security Discussion mailing list archives
Re: Guest WiFi Access
From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Thu, 8 Sep 2011 11:21:04 -0700
Dan commented: #When you say port locking, do you mean a physical device that prevents #removal of an Ethernet cable by anyone from the wall? That can be difficult to practically prevent, and something I addressed in a relatively recent talk on IT physical security, see "Physical Security of Advanced Network and Systems Infrastructure" http://pages.uoregon.edu/joe/phys-sec-i2mm/phys-sec-i2mm.pdf at slides 40-42 It's a hard problem. You've potentially got LOTS of jacks (so any solution can't be expensive), there isn't a lot of space if they jacks are densely deployed/tightly spaced, if you fix the jack what are you going to do to secure the associated cable, etc. #What about at the workstation level? Dave indicated that students just #snip cable ties, if you are locking at the wall, how are you preventing #users from taking a wire from the workstation? Or unscrewing the face plate from a jack panel, or cutting and reterminating the CAT5 for that matter (admittedly not a common skill set, but Radio Shack does sell CAT5 tools to the general public for a modest $39.99, see http://www.radioshack.com/product/index.jsp?productId=2102896 ) I think you really want to authenticate users who may be at public ethernet jacks the same way you authenticate wireless users, and recognize that preventing users from obtaining unauthorized physical access to physical ethernet jacks is more or less a hard/unsolved practical problme (short of sheltering jacks within locked offices or some sort of locking enclosures) #I suspect many students are not likely to be carrying around Ethernet #cables, although they may on a campus with limit wireless. Do you have #cable locks in office spaces where students may bring their own laptops? #Heck, the vast majority of our students do not know what an Ethernet #cable is, they have been so indoctrinated to wireless that they seemingly #do not know of anything else. But beware some of the rare ones that *do* :-) Regards, Joe
Current thread:
- Re: Guest WiFi Access, (continued)
- Re: Guest WiFi Access Tim Doty (Sep 08)
- Re: Guest WiFi Access Foerst, Daniel P. (Sep 08)
- Re: Guest WiFi Access Roger A Safian (Sep 09)
- Re: Guest WiFi Access Mark Monroe (Sep 09)
- Re: Guest WiFi Access Roger A Safian (Sep 09)
- Re: Guest WiFi Access Alexander Kurt Keller (Sep 08)
- Re: Guest WiFi Access Jeff Kell (Sep 08)