Educause Security Discussion mailing list archives
Re: Wireless access by users with multiple devices
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Fri, 17 Sep 2010 09:08:06 -0500
What is the issue? Does it matter if a user has multiple wireless devices active? Is there a shortage of addresses? Insufficient wireless resources to cope with the demand? Something else? In our environment all network devices (other than some infrastructure) get a public IP address from our /16. I'd have to check to see the total allocation for wireless as we have different subnets - some are PSK and some are WPA. There has been a definite increase over the past few years in mobile network devices which has caused us to allocate more/larger subnets for wireless use (approximately a third of our active IP addresses are now for wireless devices) in addition to bulking out our wireless network in terms of geographical coverage and number of clients that can be handled. We require network devices to be registered to a user and by default there are number limits to avoid creative user behavior (we have very creative students) but if a student really had 50 network devices I don't see why he wouldn't be able to register them, it would just require IT intervention. All devices registered to a user "belong" to the same subscriber in our traffic shaper so a student with 50 devices trying to download on each of them is not going to be happy with the results. This is a deliberate configuration on our part and helps to reduce abuse. The main problem we've had with wireless devices is that users often won't register them. To facilitate the registration process we have a certain number of IP addresses reserved for unregistered systems - basically no Internet access but they can get to the online registration form. The issue is that this is often "good enough" access for the user and they just don't bother to register. Or they aren't aware/don't care that the device is proactively acquiring a wireless IP address. Which means that the unregistered IP address pool gets exhausted. To help with this issue if a system stays on an unregistered IP address for too long it is automatically registered in a way to deny any DHCP requests. It helps, but does not resolve issue. We don't have any policy limiting the number of wireless devices a user can register, from that point of view it is just considered an alternate way to connect to the network. The main reason there are any limits to the number of device registrations per user is to prevent abuse. From a traffic shaping perspective all devices registered to a user share the same bandwidth allocation. To my knowledge we have enough access points to give reasonable client coverage so inability to connect to the wireless network is either a client issue or exhaustion of the IP address pool (normally the unregistered device pool). Tim Doty From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Jones Sent: Thursday, September 16, 2010 6:11 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Wireless access by users with multiple devices We are currently grappling with the issue of concurrent wireless access by users with multiple devices. For those of you who may have dealt with this already, do you have any thoughts, suggestions, recommendations surrounding policies, strategies? Thanks. Christopher Jones IT Security Administrator University of the Fraser Valley Christopher.Jones () ufv ca
Attachment:
smime.p7s
Description:
Current thread:
- Wireless access by users with multiple devices Christopher Jones (Sep 16)
- Re: Wireless access by users with multiple devices Bob Bayn (Sep 16)
- Re: Wireless access by users with multiple devices Doty, Timothy T. (Sep 17)
- Re: Wireless access by users with multiple devices Mike Porter (Sep 17)
- Re: Wireless access by users with multiple devices Doty, Timothy T. (Sep 17)
- Re: Wireless access by users with multiple devices Christopher Jones (Sep 17)
- Re: Wireless access by users with multiple devices Mike Porter (Sep 17)
- Re: Wireless access by users with multiple devices King, Ronald A. (Sep 17)
- Re: Wireless access by users with multiple devices Christopher Jones (Sep 17)