Educause Security Discussion mailing list archives
Re: Guest Wireless Restrictions
From: Bob Bayn <bob.bayn () USU EDU>
Date: Tue, 8 May 2012 18:57:37 +0000
We have had a fully-functional guest registration system that requires a sponsor (staff or student) to generate the ticket for the guest to authenticate on the wireless system. We are just deploying a new guest system that only requires self-registration with an email address and provides only restricted access, filtering and limited bandwidth. The service is good enough for visitors to check their email, etc. But not good enough for youtube and other high bandwidth applications. It will allow only outbound connections on standard ports, so most P2P will be blocked in addition to rate-limited. The occasional DMCA complaints on our current guest system are attributed to the local authorizer of the ticket. The guilty MAC is denied access which can be recovered on the usual assurances that the material has been removed and payment of a $25 fee. If the guest doesn't want access restored, the ticket authorizer is not responsible for the fee. Bob Bayn (435)797-2396 IT Security Team Office of Information Technology, Utah State University three common hazardous email scams to watch out for: 1) "phishing" for your email password 2) unfamiliar transaction report from familiar business 3) attachment with no explanation in the message body ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Nardone, Mark [m.nardone () NEU EDU] Sent: Tuesday, May 08, 2012 12:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Guest Wireless Restrictions Many of us have some form of "Guest Wireless Access", I am interested in what others are doing in terms of restricting that access. Do you: Require any kind of registration or authentication? Restrict the bandwidth, or access to ports and functionality in any way? Do you allow P2P from the guest range? Here at NEU we do not allow access to our preferred resources or core systems (data centers ect) from the guest range, but otherwise people have most functionality. What we have been seeing over the past year is an up-trend of people using the guest range to download copyright material. Our automated system will respond to complaints from outside entities and notify students they are in violation of our policies, but we do not have that ability with the guest network. Mark T. Nardone, CISSP, MIS Director of Information Technology Security Northeastern University 177:22 Huntington Boston , MA 02115 617.373.7901 (desk) 617.335.5082 (mobile) 617.373.6423 (fax) m.nardone () neu edu Northeastern University's Appropriate Use Policy "Security as a shared responsibility" **Northeastern University will never request details of your password or account by email at any time.** New Mass requirements for protecting Personal Identity Information (Pii) became Law on March 1st 2010. Please take a moment to review our on-line training material at Blackboard.neu.edu Information Security Awareness. This message may contain confidential or sensitive information and is for the use of the intended recipient only. If it appears you are not the intended recipient, or if you feel you have received this message in error, we ask your cooperation and that you refrain from disseminating, distributing or copying this e-mail. We request that you delete this email from your device and notify the sender.
Current thread:
- Guest Wireless Restrictions Nardone, Mark (May 08)
- Re: Guest Wireless Restrictions Roger A Safian (May 08)
- Re: Guest Wireless Restrictions Entwistle, Bruce (May 08)
- Re: Guest Wireless Restrictions Bob Bayn (May 08)
- Re: Guest Wireless Restrictions Josh Richard (May 08)
- Re: Guest Wireless Restrictions Rich Graves (May 08)
- Re: Guest Wireless Restrictions Brian Helman (May 08)
- Re: Guest Wireless Restrictions Childs, Aaron (May 08)