Educause Security Discussion mailing list archives
Re: Guest Wi-Fi Access
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 12 Apr 2016 18:00:32 -0400
On 12/04/16 17:21, Tim Doty wrote:
CALEA is really aimed at service providers and their subscribers. A service provider is required to have the ability to tap into their subscriber's communications. This is why CALEA was such a big deal for Skype and isn't so much of an issue for public networks.
The way it was put to me is that we aren't considered a service provider _specifically_ because we only give access to our population -- meaning we have to know our population. I was told if we offer service outside of that population then we no longer qualified as a "private network" and would be considered a service provider; that is exactly what you become as soon as you offer an unregistered, non-sponsored guest wireless network that lets anyone within range join.

Considering there are multiple solutions to address user access, some available at very low cost (like PacketFence, which comes with both low monetary and low personnel training costs), the argument that "we just can't afford it" isn't acceptable. I'll buy that some devices don't work with NAC software like PacketFence, ClearPass, Bradford, etc., but sponsored access _always_ works -- it may just take some effort to get the MAC of the system getting on. At that point any MAC spoofing to look like a known system is not your problem (at least, not in this context), you've done your diligence to try to pair a device with a responsible account and hopefully that account with an individual.

Interesting reading from Cornell: http://www.it.cornell.edu/policies/esurveillance/calea.cfm ... but note they're trying to justify why they shouldn't have to be compliant, not arguing that they are excused from compliance.

Ultimately, ask your General Counsel. If they tell you that you don't have to be compliant when you're offering unauthenticated wireless access to everyone within range then don't worry about it.

kmw