Re: Wireless Guest Access

[SECURITY SECURITY <SECURITY () MAIL MCG EDU>]

I agree with Jeff.  The language is very vague on what is considered
"Private" vs "Public" networks.  From what I've read, there are two
criteria that qualify Higher Ed Institutions as having to comply with
CALEA.  The first we've already mentioned, the second is if the
Institution maintains the Routers/Equipment that connects them to the
internet.

I think everyone can agree that the use of "Private v Public" is going
to be the issue here, and like most others, wireless is going to be the
catalyst that will make that determination.  Since the FBI is the
governmental agency providing directives on this, we've asked an agent
from our local Bureau office to come and speak to our IT Security and
our institution Legal Department for clarificiation. We'll let the group
know what we find.

James Van Meter
Security Administrator
Medical College of Georgia
jvanmeter () mcg edu

> > > giacobbej () MAIL MONTCLAIR EDU 9/28/2006 6:42:01 PM >>>
All-

With the recent CALEA rulings and their rather ambiguous language
regarding Higher Ed, our institution is taking a wait and see stance
on
providing any kind of "guest" access to the Internet from our campus
wired or wireless networks.

The key issue with CALEA as it applies to Higher Ed seems to center
around the definition of "private" vs. "public" networks (with private
networks being outside the purview of CALEA regulations) It is not
clear
(at least to me) whether an institution that provides access to the
Internet for individuals not directly affiliated with that institution
is or is not bound by CALEA.

Attached is a CALEA Update email that Mark Luker, VP of EDUCAUSE sent
to
the EDUCAUSE-PRIMARY list last month.  Your mileage may vary, but I
recommend checking into this before implementing any kind of guest
access from your campus network to the Internet.

Regards,

Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University


Steve Lovaas wrote:
> We solve this in two ways:
>
> 1) If the parent/potential student is visiting as part of an
established
> program (like orientation), then the sponsoring organization can
include
> a guest login as part of the materials they get at check-in.
>
> 2) For individual visitors with no sponsor ("just looking, thanks")
> there are web-only kiosks in the student center that require no
login,
> as well as terminals in the library. No wireless, but at least they
can
> check their web mail.
>
> As for the risks, we feel that we need at least some level of
> accountability. If a non-login kiosk misbehaves, we can re-evaluate
> offering such services. Other than that, whether it's an automated
> process or a manual tracking (like a sign-in sheet at the library or
a
> sponsor's list of conference attendees), we need to be able to get
to
> the source PC/user in the case of legal entanglements.
>
> Steve Lovaas
> Colorado State
>
> Matt Arthur wrote:
> <snip>
> > > It sounds like most of you are doing some kind of 'sponsored'
guest
> > > access (which is what we do for our current system), but how do
parents
> > > and prospective students find someone to 'sponsor' them?
> > >
> > > And, do you think (assuming the technical security problems are
taken
> > > care of) there is large political (or legal) risk in simply
allowing
> > > folks to come in and use a non-login guest account?
> > >
> > > Thanks,
> > > Matt
> > >
> > > Matthew K Arthur, CISSP
> > > Director, NTS-Enterprise Networks
> > > Washington University in St. Louis
> > > W: 314.935.7388, F:314.935.7142
>
>
> --
> ==============================================================
> Steven Lovaas, MSIA, CISSP
> Network & Security Resource Manager
> Academic Computing & Network Services
> Colorado State University
> 970-297-3707
> Steven.Lovaas () ColoState EDU
> ==============================================================