Educause Security Discussion mailing list archives

Re: Guest WiFi Access


From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Thu, 8 Sep 2011 11:21:04 -0700

Dan commented:

#When you say port locking, do you mean a physical device that prevents 
#removal of an Ethernet cable by anyone from the wall?

That can be difficult to practically prevent, and something I addressed in 
a relatively recent talk on IT physical security, see

"Physical Security of Advanced Network and Systems Infrastructure"
http://pages.uoregon.edu/joe/phys-sec-i2mm/phys-sec-i2mm.pdf
at slides 40-42

It's a hard problem. You've potentially got LOTS of jacks (so any
solution can't be expensive), there isn't a lot of space if the jacks
are densely deployed/tightly spaced, if you fix the jack what
are you going to do to secure the associated cable, etc.

#What about at the workstation level? Dave indicated that students just 
#snip cable ties, if you are locking at the wall, how are you preventing 
#users from taking a wire from the workstation?

Or unscrewing the face plate from a jack panel, or cutting and reterminating
the CAT5 for that matter (admittedly not a common skill set, but Radio Shack
does sell CAT5 tools to the general public for a modest $39.99, see
http://www.radioshack.com/product/index.jsp?productId=2102896 )

I think you really want to authenticate users who may be at public ethernet
jacks the same way you authenticate wireless users, and recognize that 
preventing users from obtaining unauthorized physical access to physical
ethernet jacks is more or less a hard/unsolved practical problem (short
of sheltering jacks within locked offices or some sort of locking enclosures)

#I suspect many students are not likely to be carrying around Ethernet 
#cables, although they may on a campus with limited wireless. Do you have 
#cable locks in office spaces where students may bring their own laptops? 
#Heck, the vast majority of our students do not know what an Ethernet 
#cable is, they have been so indoctrinated to wireless that they seemingly 
#do not know of anything else.

But beware some of the rare ones that *do* :-)

Regards,

Joe

