Re: Ports/applications permitted for Guest Access

[Roger A Safian <r-safian () NORTHWESTERN EDU>]

Just a follow-up to my question of last week.  

One of the options we are considering for guest access (this is more of an issue for wireless, but, could be an issue 
on wired as well) is a model similar to a coffee shop.  A visitor would arrive on campus, and connect to our wireless 
network.  They would choose something like Northwestern Guest from a options list, answer a few questions, (name, email 
address, whatever) and be granted limited guest access.  No vouching, or access code would be required for this, 
basically open access.

For those of you who do provide guest access, do you have a similar system, and have you had any serious issues?

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A Safian
> Sent: Friday, September 09, 2011 10:11 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Ports/applications permitted for Guest Access
>
> Greetings,
>
> We are looking at modifying and expanding our current guest access policy.
> Currently guests have the same access as everyone else, but, they also need
> to have a guest ID provided to them.  This is a somewhat cumbersome
> process.  We would like relax the policy, but, at the same time, we don't
> want to just allow anyone to do anything on our network.
>
> We are considering offering guest access for specific ports or applications.
> Guests might not even be considered part of "our" network.  My question,
> for those of you who do have guest access is, what exactly do you allow your
> quests to do?  Our initial thought is something like web, email, vpn.  I
> especially am concerned that we limit P2P on the guest network.
>
> Thanks.