Educause Security Discussion mailing list archives
unauthenticated network access
From: Justin Sipher <jsipher () SKIDMORE EDU>
Date: Wed, 3 May 2006 09:12:22 -0400
Hello all. I considered where to post this question and decided on the EDUCAUSE Security list. (lucky you) :-) I am curious to know about the lay of the land regarding unauthenticated access to the institutions network (wired or wireless) excluding what is traditionally considered "ResNet". In the good old days, I think we all-to-often made network access relatively wide open before the rise of residential networks on campuses and the subsequent need to have authentication/registration systems because of what came along with these networks. We no longer could afford to not know who was using what device and where they were. Around the same time came the rollout of first wired and now wireless access around campus as our populations began to utilize laptop computers with greater frequency. Over this time it seems like institutions have taken different approaches to granting this network access. In some cases getting a connection (wired or wireless) was all that one needed to begin utilizing the network resources and/or Internet. In other (and maybe the majority of) cases there was a need to validate that the individual was associated with the institution, usually with a username & password. I've seen solutions which allow NO access to anything without credentials (username/password) and other solutions that allow limited (maybe only http to the Internet) access to those without credentials and full access with authentication. With all of the above as background, my question is the following. Where are people going on the spectrum of allowing "guest access" to the network/Internet? Inevitably with the changing use of technology and the continuing mobility of individuals, we are faced with growing access demands by those not directly associated with the institution. We are trying to facilitate that growth in a way that doesn't put unnecessary roadblocks yet at the same time not create a structure that could put the institution in a position of increasing liability. (quick note - I am CERTAINLY no lawyer). So for all of you who have totally restricted unauthenticated access, do you have procedures in place to create "guest accounts" and have you found that this can and does work well enough to satisfy all parties. If so, can you (roughly) share you procedures/policies? With the advantage of hindsight, would you do it this way again? For those of you who do allow some level of unauthenticated therefore anonymous access (wired/wireless) have you found this to be manageable and have there been cases of needing to know (after the fact) who was using what IP address at a specific time? If you do this, do you limit what resources they have access to and if so what? With the advantage of hindsight, would you do it this way again? I hope you feel this falls close enough to "security" to warrant the post on this list. Thanks all. ...Justin _______________________________________________________ Justin Sipher Chief Technology Officer Skidmore College Saratoga Springs, NY jsipher () skidmore edu 518-580-5909 _______________________________________________________
Current thread:
- unauthenticated network access Justin Sipher (May 03)
- <Possible follow-ups>
- Re: unauthenticated network access Steve Lovaas (May 03)
- Re: unauthenticated network access Gary Flynn (May 03)
- Re: unauthenticated network access Randy Grimshaw (May 03)