Educause Security Discussion mailing list archives

Re: Wireless Guest Access


From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Thu, 28 Sep 2006 11:19:09 -0500

We offer a similar type of system here, but there are a few differences.
Currently, there is no logon other than the initial SSID to the "student
network" (for students, faculty, staff, and external groups utilizing
the campus) although we are researching the possibility.  The network is
physically / logically located outside our internal network firewalls
and is protected by its own firewall.  Combined with the firewall is a
content filtering solution called DansGuardian that prevents users from
viewing objectionable material.

We previously had the network behind a router and did very little
logging.  We were later contacted by law enforcement about a case they
were working and did not have any logs to help them.  We decided that we
would put the firewall in place to have some protection against claims
that we weren't doing enough.

The reason we are considering authentication is to be able to track
somebody down if needed, usually for legal issues or for breaking the
AUP.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH
Network Security System Administrator
OTC Computer Networking

Office: (417) 447-7535

________________________________

From: Matt Arthur [mailto:arthur () WUSTL EDU] 
Sent: Thursday, September 28, 2006 10:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Wireless Guest Access

We are in the process of adding a couple hundred of the new generation
centrally controlled wireless access points.  Our current system
requires a login and pw.  The new system requires the same.  We have had
a discussion locally about adding a 'Guest' SSID that would not require
a login and would ONLY provide access to web traffic.  Our main goal is
to allow visiting faculty, staff, prospective students, and parents to
have a way to use their mobile device to check email via their yahoo
account, web portal, etc...  From a technical security point of view, we
feel okay that folks won't be able to 'cross over' into our secure SSID
area and if they download a virus/bot, it can't jump onto our network.
My questions and concerns are more towards the political and legal side
of things.  Does anyone offer this type of wireless access?  If so, are
there legal/political battles that you have either fought or stepped
around?  Or does everyone still require some form of authentication?

