PaulDotCom mailing list archives
Guest Wireless Authorization
From: carlhester at gmail.com (Carl Hester)
Date: Mon, 16 Mar 2009 10:40:22 -0400
We're looking to set up an authentication/authorization system for our Guest Wireless network. My client is a hospital with a very large campus that covers many city blocks and the Guest Wireless network spans the entire area. The current network does not have any authentication and just let users connect and surf as they please, this includes no TOS. This network is routed through the Websense URL filter, but beyond that, is wide open. The high level decision makers are not keen on implementing any sort of "big brother" to this wireless network. This environment is very political, so it's always difficult to convince them that they need to implement any new layers of security. However, over the past few weeks there have been complaints of our IP range being used for malicious traffic and they can be traced back to IP addresses on the guest WLAN. So, with this recent information, we're going to push for some changes. My idea is to ask a prospective user for their cell phone # before allowing them to connect. At that point, they could be sent a text-message with an authorization code that would be tied to their session token. The user then inputs the code and is authorized to use the network. This assumes anyone who has a laptop would also have a cell phone. There are a few hurdles with this approach, such as users not having text-messaging plans, or not having cell coverage in certain areas of the hospital. This is not the ideal scenario, but just an idea. Random list of requirement ideas: --Ability to revoke session tokens and blacklist hosts --Use more than MAC address to identify endpoint --Limit session length and allow for reauthorization --Physical interaction with user isn't ideal, but could be implemented via guest services or kiosk. I'm looking for any input on experiences or recommendations for software packages to manage this sort of wireless access control. Thanks for any feedback, Carl
Current thread:
- Guest Wireless Authorization Carl Hester (Mar 16)
- Guest Wireless Authorization Raffi Jamgotchian (Mar 16)
- Guest Wireless Authorization xgermx (Mar 16)