Educause Security Discussion mailing list archives

Re: Guest Wi-Fi Access

From: Brian Epstein <bepstein () IAS EDU>
Date: Tue, 12 Apr 2016 16:47:02 -0400

Jim,

For us, we have an unencrypted guest network that is kept separate from
our campus network with a firewall.  There are very few resources that
it can communicate with other than the Internet.

We do have a registration portal.  An anonymous guest will have two
weeks access before being reprompted to register again.  If you have
access credentials, you can register a device permanently, until your
access credentials are revoked.  This is mostly for gaming systems and
other convenience items that need Internet access.

For day to day computing, we have an authenticated 802.1x WPA2 encrypted
network.  We are also big supporters of eduroam.org for federated access
for academics (I highly recommend looking into this for your campus if
you aren't already using it).  Eduroam allows academics from other
schools to get Internet access without needing to register, with the
advantage of you being able to contact their school if they go rogue on
your network.

We haven't looked at any regulations or requirements as the anonymous
networks don't have access to any classified data networks.

Thanks,
Brian

On 04/12/2016 10:42 AM, Pardonek, Jim wrote:

We are in the process of revamping our guest access for our Wi-Fi.  In
doing so, I’ve been assembling a grid that includes all of the options
that are available to us, given our infrastructure, and the risks and
benefits for each option.  One of the points that someone brought up was
CALEA.  It doesn’t seem to be very clear as to how CALEA would affect
our guest access deployment but it also made me think if there were
other Federal requirements that would mandate our knowing who is on our
network and making sure that we have somewhat accurate information as to
their identity.

 

I know this has been batted around a few times, but I’m having some
difficulty finding a good solid answer.

 

Thanks,

 

Jim

 

*James Pardonek, MS, CISSP, CEH*

*Information Security Officer**
Loyola University Chicago 
1032 W. Sheridan Road | Chicago, IL  60660
**
(**: (773) 508-6086*

*standard_isc2_cissp*




-- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Manager, Network and Security           Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Guest Wi-Fi Access Pardonek, Jim (Apr 12)
- Re: Guest Wi-Fi Access Brian Epstein (Apr 12)
- Re: Guest Wi-Fi Access Tim Doty (Apr 12)
  - Re: Guest Wi-Fi Access Kevin Wilcox (Apr 12)