Guest network access and content filtering

[Bill Kyle <bill.kyle () JHU EDU>]

Here at Johns Hopkins we have deployed guest wireless access across
our university and medical campuses. It was implemented to provide
Internet access to patients, vendors and other Hopkins' guest. The
wireless networking team implemented it as an open unsecured network.
They use Cisco Clean Access to require users to accept an acceptable
use policy and to control the allowed ports and protocols. There is
no user identification required. It is an entirely anonymous network
as implemented. We do dump guest users directly to the Internet
outside of our perimeter firewalls.

We do have Websense for content filtering of all guest web traffic.
This is to reduce Hopkins' risk exposure because of underage patients
and any underage visitors to other campuses. Also, we block access to
some other categories blocked to make the guest network less
desirable to neighbors to use Hopkins as their ISP. We designed the
content filtering policy to be consistent across all four campuses to
allow fail over of the filter engines and to make administration
easier. We are now receiving complaints from a Dean at the University
about restricting access to some of the categories.

If you do content filtering, how do you handle guest access?

--
Sincerely,
Bill Kyle
Network Security Engineer II
410.516.3364
Johns Hopkins Network Security
Johns Hopkins University and Medical Institutions

"War makes war, it won't bring peace
It just makes more, without cease"
- John Gorka