PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Guest Wireless Authorization

From: xgermx at gmail.com (xgermx)
Date: Mon, 16 Mar 2009 11:11:40 -0500
Sounds like this could be done through implementing a captive portal.
WiFi Dog is free - http://dev.wifidog.org/


On Mon, Mar 16, 2009 at 9:40 AM, Carl Hester <carlhester at gmail.com> wrote:

We're looking to set up an authentication/authorization system for our
Guest Wireless network. ?My client is a hospital with a very large
campus that covers many city blocks and the Guest Wireless network
spans the entire area. ?The current network does not have any
authentication and just let users connect and surf as they please,
this includes no TOS. ?This network is routed through the Websense URL
filter, but beyond that, is wide open. ?The high level decision makers
are not keen on implementing any sort of "big brother" to this
wireless network. ?This environment is very political, so it's always
difficult to convince them that they need to implement any new layers
of security.

However, over the past few weeks there have been complaints of our IP
range being used for malicious traffic and they can be traced back to
IP addresses on the guest WLAN. ?So, with this recent information,
we're going to push for some changes.

My idea is to ask a prospective user for their cell phone # before
allowing them to connect. ?At that point, they could be sent a
text-message with an authorization code that would be tied to their
session token. ?The user then inputs the code and is authorized to use
the network. ?This assumes anyone who has a laptop would also have a
cell phone. ?There are a few hurdles with this approach, such as users
not having text-messaging plans, or not having cell coverage in
certain areas of the hospital. ?This is not the ideal scenario, but
just an idea.

Random list of requirement ideas:
--Ability to revoke session tokens and blacklist hosts
--Use more than MAC address to identify endpoint
--Limit session length and allow for reauthorization
--Physical interaction with user isn't ideal, but could be implemented
via guest services or kiosk.

I'm looking for any input on experiences or recommendations for
software packages to manage this sort of wireless access control.

Thanks for any feedback,

Carl
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: