Educause Security Discussion mailing list archives
Re: Guest Wi-Fi Access
From: Brian Epstein <bepstein () IAS EDU>
Date: Tue, 12 Apr 2016 16:47:02 -0400
Jim, For us, we have an unencrypted guest network that is kept separate from our campus network with a firewall. There are very few resources that it can communicate with other than the Internet. We do have a registration portal. An anonymous guest will have two weeks access before being reprompted to register again. If you have access credentials, you can register a device permanently, until your access credentials are revoked. This is mostly for gaming systems and other convenience items that need Internet access. For day to day computing, we have an authenticated 802.1x WPA2 encrypted network. We are also big supporters of eduroam.org for federated access for academics (I highly recommend looking into this for your campus if you aren't already using it). Eduroam allows academics from other schools to get Internet access without needing to register, with the advantage of you being able to contact their school if they go rogue on your network. We haven't looked at any regulations or requirements as the anonymous networks don't have access to any classified data networks. Thanks, Brian On 04/12/2016 10:42 AM, Pardonek, Jim wrote:
We are in the process of revamping our guest access for our Wi-Fi. In doing so, I’ve been assembling a grid that includes all of the options that are available to us, given our infrastructure, and the risks and benefits for each option. One of the points that someone brought up was CALEA. It doesn’t seem to be very clear as to how CALEA would affect our guest access deployment but it also made me think if there were other Federal requirements that would mandate our knowing who is on our network and making sure that we have somewhat accurate information as to their identity. I know this has been batted around a few times, but I’m having some difficulty finding a good solid answer. Thanks, Jim *James Pardonek, MS, CISSP, CEH* *Information Security Officer** Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 ** (**: (773) 508-6086* *standard_isc2_cissp*
-- Brian Epstein <bepstein () ias edu> +1 609-734-8179 Manager, Network and Security Institute for Advanced Study Key fingerprint = A6F3 9F5A 26C5 5847 79ED C34C C0E5 244A 55CA 2B78
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Guest Wi-Fi Access Pardonek, Jim (Apr 12)
- Re: Guest Wi-Fi Access Brian Epstein (Apr 12)
- Re: Guest Wi-Fi Access Tim Doty (Apr 12)
- Re: Guest Wi-Fi Access Kevin Wilcox (Apr 12)