Re: Guest Wireless Restrictions

[Bob Bayn <bob.bayn () USU EDU>]

We have had a fully-functional guest registration system that requires a sponsor (staff or student) to generate the 
ticket for the guest to authenticate on the wireless system.  We are just deploying a new guest system that only 
requires self-registration with an email address and provides only restricted access, filtering and limited bandwidth.  
The service is good enough for visitors to check their email, etc.  But not good enough for youtube and other high 
bandwidth applications.  It will allow only outbound connections on standard ports, so most P2P will be blocked in 
addition to rate-limited.

The occasional DMCA complaints on our current guest system are attributed to the local authorizer of the ticket.  The 
guilty MAC is denied access which can be recovered on the usual assurances that the material has been removed and 
payment of a $25 fee.  If the guest doesn't want access restored, the ticket authorizer is not responsible for the fee.

Bob Bayn              (435)797-2396           IT Security Team
Office of Information Technology,     Utah State University
    three common hazardous email scams to watch out for:
     1) "phishing" for your email password
     2) unfamiliar transaction report from familiar business
     3) attachment with no explanation in the message body


________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Nardone, Mark 
[m.nardone () NEU EDU]
Sent: Tuesday, May 08, 2012 12:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Guest Wireless Restrictions

Many of us have some form of "Guest Wireless
Access", I am interested in what others are doing
in terms of restricting that access.
Do you:

Require any kind of registration or
authentication?
Restrict the bandwidth, or access to ports and
functionality in any way?
Do you allow P2P from the guest range?


Here at NEU we do not allow access to our
preferred resources or core systems (data centers
ect) from the guest range, but otherwise people
have most functionality. What we have been seeing
over the past year is an up-trend of people using
the guest range to download copyright material.
Our automated system will respond to complaints
from outside entities and notify students they are
in violation of our policies, but we do not have
that ability with the guest network.




Mark T. Nardone, CISSP, MIS

Director of Information Technology Security
Northeastern University
177:22 Huntington
Boston , MA 02115
617.373.7901 (desk)
617.335.5082 (mobile)
617.373.6423 (fax)
m.nardone () neu edu
Northeastern University's Appropriate Use Policy

"Security as a shared responsibility"

**Northeastern University will never request
details of your password or account by email at
any time.**

New Mass requirements for protecting Personal
Identity Information (Pii) became Law on March 1st
2010. Please take a moment to review our on-line
training material at Blackboard.neu.edu
Information Security Awareness.

This message may contain confidential or sensitive
information and is for the use of the intended
recipient only.  If it appears you are not the
intended recipient, or if you feel you have
received this message in error, we ask your
cooperation and that you refrain from
disseminating, distributing or copying this
e-mail. We request that you delete this email from
your device and notify the sender.