Educause Security Discussion mailing list archives
Re: Wireless Guest Access
From: SECURITY SECURITY <SECURITY () MAIL MCG EDU>
Date: Wed, 4 Oct 2006 07:59:00 -0400
I agree with Jeff. The language is very vague on what is considered "Private" vs "Public" networks. From what I've read, there are two criteria that qualify Higher Ed Institutions as having to comply with CALEA. The first we've already mentioned, the second is if the Institution maintains the Routers/Equipment that connects them to the internet. I think everyone can agree that the use of "Private v Public" is going to be the issue here, and like most others, wireless is going to be the catalyst that will make that determination. Since the FBI is the governmental agency providing directives on this, we've asked an agent from our local Bureau office to come and speak to our IT Security and our institution Legal Department for clarificiation. We'll let the group know what we find. James Van Meter Security Administrator Medical College of Georgia jvanmeter () mcg edu
giacobbej () MAIL MONTCLAIR EDU 9/28/2006 6:42:01 PM >>>
All- With the recent CALEA rulings and their rather ambiguous language regarding Higher Ed, our institution is taking a wait and see stance on providing any kind of "guest" access to the Internet from our campus wired or wireless networks. The key issue with CALEA as it applies to Higher Ed seems to center around the definition of "private" vs. "public" networks (with private networks being outside the purview of CALEA regulations) It is not clear (at least to me) whether an institution that provides access to the Internet for individuals not directly affiliated with that institution is or is not bound by CALEA. Attached is a CALEA Update email that Mark Luker, VP of EDUCAUSE sent to the EDUCAUSE-PRIMARY list last month. Your mileage may vary, but I recommend checking into this before implementing any kind of guest access from your campus network to the Internet. Regards, Jeff Giacobbe Director of Systems, Security, and Networking Montclair State University Steve Lovaas wrote:
We solve this in two ways: 1) If the parent/potential student is visiting as part of an
established
program (like orientation), then the sponsoring organization can
include
a guest login as part of the materials they get at check-in. 2) For individual visitors with no sponsor ("just looking, thanks") there are web-only kiosks in the student center that require no
login,
as well as terminals in the library. No wireless, but at least they
can
check their web mail. As for the risks, we feel that we need at least some level of accountability. If a non-login kiosk misbehaves, we can re-evaluate offering such services. Other than that, whether it's an automated process or a manual tracking (like a sign-in sheet at the library or
a
sponsor's list of conference attendees), we need to be able to get
to
the source PC/user in the case of legal entanglements. Steve Lovaas Colorado State Matt Arthur wrote: <snip>It sounds like most of you are doing some kind of 'sponsored'
guest
access (which is what we do for our current system), but how do
parents
and prospective students find someone to 'sponsor' them? And, do you think (assuming the technical security problems are
taken
care of) there is large political (or legal) risk in simply
allowing
folks to come in and use a non-login guest account? Thanks, Matt Matthew K Arthur, CISSP Director, NTS-Enterprise Networks Washington University in St. Louis W: 314.935.7388, F:314.935.7142-- ============================================================== Steven Lovaas, MSIA, CISSP Network & Security Resource Manager Academic Computing & Network Services Colorado State University 970-297-3707 Steven.Lovaas () ColoState EDU ==============================================================
Current thread:
- Re: Wireless Guest Access SECURITY SECURITY (Oct 04)
- <Possible follow-ups>
- Re: Wireless Guest Access Darnell Walker (Oct 11)
- Re: Wireless Guest Access Tom Siu (Oct 24)
- Re: Wireless Guest Access Cal Frye (Oct 25)