Re: Guest WiFi Access

[Alexander Kurt Keller <alkeller () SFSU EDU>]

We have started using the Panduit RJ45 Plug Lock-In Device (http://www.panduitproducts.com/catalog/model_PSL-DCPL.htm) 
to prevent students from unplugging equipment and commandeering publically exposed Ethernet jacks. Of course we aren't 
counting on this as a security measure (they are easily circumvented), but we find it prevents the casual "borrowing" 
of the jack. 

Best,
alex


Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 155 Phone: (415)338-6117 Email: alkeller () sfsu edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Gillett
Sent: Thursday, September 08, 2011 9:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Guest WiFi Access

Dave Koontz wrote:

> Students, guests, and others can just plug themselves into any wired 
> jack
without IT knowledge (in most
> organizations)... and they often do.  We find people unplugging lab
computers, printers, etc. and patching
> into the jack.

This is a recurring issue for us, too.  We do have a couple of small areas where wired jacks are deliberately provided 
for visitors to plug into, but I'm talking about students who walk into a lab, unplug a computer provided by the 
college, and plug their own device in instead.  Oh, and if they have to cut a plastic tie-strap to do that, it barely 
slows them down.


> I don't believe CALEA has separate rules as to how someone accesses a
campus network or the internet, be it
> wired or wireless.  Someone please correct me if I am wrong.

  I don't believe the questioner was asking about provisions of CALEA per se, but about the FCC's ruling (early 2009 if 
I recall correctly) that providers of *public* Internet access are bound by CALEA -- i.e., must have resources in place 
to allow easy/prompt intercept and recording of voice
(VOIP) traffic.  My impression is that most higher-ed institutions have chosen to shield themselves from this 
requirement by ensuring that their networks are *private*, with the possible exception of areas where they qualify for 
exemptions to the FCC ruling -- in libraries, for instance.

(We had an incident on one campus where an instructional assistant decided to "fix" the limited coverage of our guest 
wireless by putting up his own router, using our guest SSID, in an area that did not qualify....  If he had simply 
reported the disappointing coverage, we would have explained to him the legal constraint under which we operate.)

David Gillett, CISSP CCNP
Sr, Security Engineer
Foothill-De Anza College District