Re: student wireless security model

[Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>]

802.1x, LDAP authenticated, WPA2 with PEAP.
Students on vifi get put on a student vlan, Employess get put on another
vlan.
Students are forced through NAC, Employees currently are not. Yet.
We have separate Global Wifi SSID for Fac and staff currently.  We allowed
students in the past to connect to the same SSID for Employees, but they
were still put in a separate vlan regardless of what they connected to. 
We are changing this and forcing them to connect to their own student wifi
because this method has built in granularity for NAC enforcement and
allows upgrades/changes to wifi to take place for one group without
affecting the other.

Guest wifi uses authenticated ldap (a guest directory just for continuity
of management) via captive portal.  Accounts are premade and users must
request one or a batch of these generically named accounts.  On request,
we attach an account to paperwork or data that we have on who will use or
is responsible for the account and we distribute the account for use with
a defined expiry and keep their application on record as long as needed. 
At some point we will probably be streamlining this process considerably.

D/C
The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:
> I am curious what security model other universities are now using for
> their student wireless networks. 
>
> � 
>
> -� � � � �  Encrypted or unencrypted
>
> -� � � � �  Authentication (mac, 802.1x, web portal etc.)
>
> -� � � � �  Any NAC security checks on the client
>
> � 
>
> Thanks,
>
> Jim
>
> � 
>
> �