Re: Guest WiFi Access

[David Gillett <gillettdavid () FHDA EDU>]

Dave Koontz wrote:

> Students, guests, and others can just plug themselves into any wired jack
without IT knowledge (in most
> organizations)... and they often do.  We find people unplugging lab
computers, printers, etc. and patching
> into the jack.

This is a recurring issue for us, too.  We do have a couple of small areas
where wired jacks are deliberately provided for visitors to plug into, but
I'm talking about students who walk into a lab, unplug a computer provided
by the college, and plug their own device in instead.  Oh, and if they have
to cut a plastic tie-strap to do that, it barely slows them down.


> I don't believe CALEA has separate rules as to how someone accesses a
campus network or the internet, be it
> wired or wireless.  Someone please correct me if I am wrong.

  I don't believe the questioner was asking about provisions of CALEA per
se, but about the FCC's ruling (early 2009 if I recall correctly) that
providers of *public* Internet access are bound by CALEA -- i.e., must have
resources in place to allow easy/prompt intercept and recording of voice
(VOIP) traffic.  My impression is that most higher-ed institutions have
chosen to shield themselves from this requirement by ensuring that their
networks are *private*, with the possible exception of areas where they
qualify for exemptions to the FCC ruling -- in libraries, for instance.

(We had an incident on one campus where an instructional assistant decided
to "fix" the limited coverage of our guest wireless by putting up his own
router, using our guest SSID, in an area that did not qualify....  If he had
simply reported the disappointing coverage, we would have explained to him
the legal constraint under which we operate.)

David Gillett, CISSP CCNP
Sr, Security Engineer
Foothill-De Anza College District