Educause Security Discussion mailing list archives

Re: Consensus About Open Guest Access

From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 12 Jun 2012 18:20:56 +0000

I think what you are saying is that several .edu’s have a process that requires a sponsor to sign off on any guest, 
prior to that guest’s ability to use the network?  Assuming that’s the case, we examined that model and felt it added a 
layer of complexity without any significant benefit.  YMMV  If we want our community to be able to easily offer 
wireless access, as a matter of convenience for their guests, (and we did) then a process that is both simple to use 
and reasonable secure is required.  I’m not sure I see significant and practical security benefits in a more 
challenging process.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim 
Pardonek
Sent: Tuesday, June 12, 2012 1:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Consensus About Open Guest Access

Ok so I'm hijacking my own email thread.  Those of you that host conferences, how do you handle guest WLAN access for 
the conference attendees and presenters?  I've checked the guest access pages from several edu's but they only mention 
sponsored guest access and really don't address a conference.  We are in the process of separating our medical schools 
from our hospital.  They have had their own methods of supplying guest access which in my view is not very secure nor 
does it make anyone accountable for usage.  We struggle with having a set of conference IDs that we recycle and change 
the passwords on after every conference.  We were thinking that since we have to address this at our med schools, we 
may want to look at our conference guest access for the whole university.

Thanks,

Jim

James Pardonek, CISSP, CEH
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

•: (773) 508-6086<mailto:508-6086 () purduecal edu>

"Routen, Nathan" <NRouten () MAIL TWU EDU<mailto:NRouten () MAIL TWU EDU>> 6/11/2012 1:30 PM >>>

Here is one specific example to consider..

Any traffic that remains within the University's private network does not need to be CALEA compliant as it falls within 
the "Private Network" exception.  However, communication traffic that travels to the Public Switch Telephone Network 
(PSTN) or the Public Internet does have a CALEA requirement.  At that point, it must be decided who has the CALEA 
obligation.  If the University acts as its own ISP, I would assume that they have the obligation.  Also, if the 
University implements dynamic IP addresses for local end points it would need to provide the end user associated with 
that dynamic address for an authorized interception.

As you have probably noticed, determining whether an entity needs to be CALEA compliant is not a simple question.  I 
suggest that you pose the question to your legal resources before initiating any action.

Nate

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE 
EDU]<mailto:[mailto:SECURITY () LISTSERV EDUCAUSE EDU]> On Behalf Of Julian Y Koh
Sent: Monday, June 11, 2012 1:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Consensus About Open Guest Access

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon Jun 11 2012 13:10:36 Central Time, Roger A Safian wrote:


We have this.  Guest wireless is open, you need to enter your email, name, etc. and you get 24 hours of access.  
We’ve only been doing it for a few months and so far we have had no issues with several thousand users.


8300+ unique devices since March 28, to be a little more specific.  :)

There are obviously a lot of dips and peaks in some of our data, but we're averaging over 260 unique registrations 
every day, with a max just under 500 a couple of times.

- --
Julian Y. Koh
Manager, Network Transport, Telecommunications and Network Services Northwestern University Information Technology 
(NUIT)
2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: <http://www.it.northwestern.edu/> PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk/WNysACgkQDlQHnMkeAWOh+ACg9w/J1JCG3yVOUlMjj8MZJm8n
0SwAoLAWdrSenKnsRWYmVvuP5Yq124UQ
=tawG
-----END PGP SIGNATURE-----

Current thread:

Consensus About Open Guest Access Jim Pardonek (Jun 11)
- Re: Consensus About Open Guest Access Routen, Nathan (Jun 11)
- Re: Consensus About Open Guest Access Roger A Safian (Jun 11)
  - Re: Consensus About Open Guest Access Julian Y Koh (Jun 11)
    - Re: Consensus About Open Guest Access Routen, Nathan (Jun 11)
    - Re: Consensus About Open Guest Access Tiffany Drape (Jun 11)
    - Re: Consensus About Open Guest Access Jim Pardonek (Jun 12)
    - Re: Consensus About Open Guest Access Roger A Safian (Jun 12)
    - Re: Consensus About Open Guest Access Sam Hooker (Jun 12)
    - Re: Consensus About Open Guest Access Dr. Wole Akpose (Jun 12)