Educause Security Discussion mailing list archives
Re: Ports/applications permitted for Guest Access
From: "Gioia, Matthew P." <MGioia () STLCC EDU>
Date: Mon, 12 Sep 2011 14:54:45 -0500
We treat guests like people coming in from the internet - we drop them off at the firewall and they get access to our externally facing systems.

We were considering restricting non-web/email/vpn application ports as well. Then I went through our flow logs to see how much of the bandwidth "everything-else" took up. Everything-else took up about 10-15% of the traffic. So 85%+ of our traffic was already riding those ports.

So then the question became - do the pros outweigh the cons when we're talking about 10-15% of our guest-access bandwidth, or are there better ways to spend my time? It took about 30 seconds to consider.

Of course YMMV,

Matthew Gioia, CISSP
Network Security Analyst
St. Louis Community College
(314) 539-5075

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A Safian
Sent: Friday, September 09, 2011 10:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Ports/applications permitted for Guest Access

Greetings,

We are looking at modifying and expanding our current guest access policy. Currently guests have the same access as everyone else, but, they also need to have a guest ID provided to them. This is a somewhat cumbersome process. We would like to relax the policy, but, at the same time, we don't want to just allow anyone to do anything on our network.

We are considering offering guest access for specific ports or applications. Guests might not even be considered part of "our" network.

My question, for those of you who do have guest access is, what exactly do you allow your guests to do? Our initial thought is something like web, email, vpn. I especially am concerned that we limit P2P on the guest network.

Thanks.
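The flow-log measurement described in the reply above, sketched as an added example that is not part of the original thread: it totals bytes per service class from a flow export and reports the share that falls outside web/email/VPN. The CSV layout, the port lists and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumed port classes (not from the post); adjust to the services you would permit.
ALLOWED = {
    "web":   {("tcp", 80), ("tcp", 443)},
    "email": {("tcp", 25), ("tcp", 110), ("tcp", 143), ("tcp", 465),
              ("tcp", 587), ("tcp", 993), ("tcp", 995)},
    "vpn":   {("udp", 500), ("udp", 4500), ("udp", 1194), ("tcp", 1723)},
}
PORT_CLASS = {key: name for name, keys in ALLOWED.items() for key in keys}

# Constructed sample flow export (hypothetical layout): proto,src_port,dst_port,bytes
SAMPLE_FLOWS = """\
proto,src_port,dst_port,bytes
tcp,51514,443,500000
tcp,51515,80,200000
tcp,443,51516,80000
tcp,51517,993,60000
udp,4500,4500,40000
tcp,51518,6881,90000
udp,51519,27015,30000
"""

def classify(proto, src_port, dst_port):
    """Match either port so reply traffic is counted with its service."""
    for port in (dst_port, src_port):
        cls = PORT_CLASS.get((proto.lower(), port))
        if cls:
            return cls
    return "everything-else"

def byte_share(flow_csv):
    """Return {class: percent of total bytes} for a flow export."""
    totals = Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        cls = classify(row["proto"], int(row["src_port"]), int(row["dst_port"]))
        totals[cls] += int(row["bytes"])
    grand = sum(totals.values())
    if grand == 0:
        return {}  # empty export: nothing to report
    return {cls: round(100.0 * n / grand, 1) for cls, n in totals.items()}

if __name__ == "__main__":
    for cls, pct in sorted(byte_share(SAMPLE_FLOWS).items(), key=lambda kv: -kv[1]):
        print(f"{cls:16s} {pct:5.1f}%")
```

Port-based classification only approximates application mix: anything tunnelled over 443 is counted as web, and portless protocols such as ESP need a separate protocol-number column.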