Re: Mobile Device Registration and Limit of Devices Per User

[Randall C Grimshaw <rgrimsha () SYR EDU>]

user data for an 802.1x network is available in the radius authentication which can be sent to your favorite syslog 
collector by the wireless controller. match this data by mac address to similar syslog data from your dhcp server for 
an ip->mac->user correlation. This has proven to be more effective than a registration for wireless devices.

since the topic of this thread is a limiting of devices per user, you could enforce that limit using whatever 
quarantine method you have in place. Essentially allowing the extra device to exceed the threshold with the benefit of 
quarantine restricting the longest connected device - in the hope that it is the laptop left on in their dorm room that 
gets the boot so that their current academic or mobile uses are not affected.

Randall Grimshaw rgrimsha () syr edu
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Hahues, Sven 
[shahues () FGCU EDU]
Sent: Wednesday, March 06, 2013 4:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Mobile Device Registration and Limit of Devices Per User

Mr. Flaherty,

We are currently only requiring registration of mobile devices for the users of our residential network.  The reason we 
do this is so that we can steer them to the appropriate network.  We do not really limit the amount of devices users 
can register simply because the students have so many devices that it would become too much of a hassle for us to 
enforce these types of limits.  Students trade out technology so quickly that it would be hard to keep up with.

We are talking about going to a registration system for our public wireless network, too as we really would like to get 
some better visibility into who is using it, and also for accountability reasons.  Even there we would ask everyone to 
register any device that connects, regardless of what it is.

Hope that helps!

Sven

Sven Hahues
Ass. Dir. FGCU Network Services & Helpdesk
Tel: (239) 590 1337
E-Mail: shahues () fgcu edu

No department at FGCU will EVER ask you for your username and password in person or through e-mail. If you receive an 
e-mail requesting your EagleMail or FGCU email password, DO NOT respond.  Delete the e-mail immediately.



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Josh 
Flaherty
Sent: Monday, March 4, 2013 3:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mobile Device Registration and Limit of Devices Per User

Greetings,



We are working on our mobile device policy and are wondering how many require registration of mobile devices?  Also we 
are considering a limit on the number of devices allowed on the network per user and are wondering if others also 
enforce a similar policy.



Thank You.



Josh Flaherty

Information Technology Security Officer

Indiana State University





***The Office of Information Technology staff will never ask for your password or other confidential information via 
email.***




________________________________

Never give out your username or password to anyone. This includes any accounts you have such as: FGCU, bank and credit 
card accounts, and other personal accounts.