Educause Security Discussion mailing list archives
Re: Consensus About Open Guest Access
From: Sam Hooker <samuel.hooker () UVM EDU>
Date: Tue, 12 Jun 2012 16:30:32 -0400
On 20120612 14:01 , Jim Pardonek wrote:
Ok so I'm hijacking my own email thread. Those of you that host conferences, how do you handle guest WLAN access for the conference attendees and presenters? I've checked the guest access pages from several edu's but they only mention sponsored guest access and really don't address a conference.
UVM uses a sponsored-access model[1], and users responsible for provisioning access for conference attendees are granted access to a batch-creation utility built around the spreadsheet format used by our Conference and Events Services group. They input their existing list of attendees, the system provisions accounts/generates passwords, and hands them back a CSV suitable for framing. Er, mail-merging. Yes, this means that the sponsor has access to the guests' credentials in plaintext, but this was deemed an acceptable compromise, given the ephemeral nature of these credentials, and the extremely limited scope of their access to institutional resources. Cheers, -sth http://www.uvm.edu/it/wireless/?Page=guestnet.html -- Sam Hooker | samuel.hooker () uvm edu Systems Architecture and Administration Enterprise Technology Services The University of Vermont
We are in the process of separating our medical schools from our hospital. They have had their own methods of supplying guest access which in my view is not very secure nor does it make anyone accountable for usage. We struggle with having a set of conference IDs that we recycle and change the passwords on after every conference. We were thinking that since we have to address this at our med schools, we may want to look at our conference guest access for the whole university. Thanks, Jim *James Pardonek, CISSP, CEH* *Information Security Officer** Loyola University Chicago **1032 W. Sheridan Road | Chicago, IL 60660 ** (**: (773) 508-6086 <mailto:508-6086 () purduecal edu><mailto:508-6086 () purduecal edu>*"Routen, Nathan" <NRouten () MAIL TWU EDU> 6/11/2012 1:30 PM >>>Here is one specific example to consider.. Any traffic that remains within the University's private network does not need to be CALEA compliant as it falls within the "Private Network" exception. However, communication traffic that travels to the Public Switch Telephone Network (PSTN) or the Public Internet does have a CALEA requirement. At that point, it must be decided who has the CALEA obligation. If the University acts as its own ISP, I would assume that they have the obligation. Also, if the University implements dynamic IP addresses for local end points it would need to provide the end user associated with that dynamic address for an authorized interception. As you have probably noticed, determining whether an entity needs to be CALEA compliant is not a simple question. I suggest that you pose the question to your legal resources before initiating any action. Nate -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julian Y Koh Sent: Monday, June 11, 2012 1:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Consensus About Open Guest Access On Mon Jun 11 2012 13:10:36 Central Time, Roger A Safian wrote:We have this. Guest wireless is open, you need to enter your email,name, etc. and you get 24 hours of access. We’ve only been doing it for a few months and so far we have had no issues with several thousand users. 8300+ unique devices since March 28, to be a little more specific. :) There are obviously a lot of dips and peaks in some of our data, but we're averaging over 260 unique registrations every day, with a max just under 500 a couple of times.
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Consensus About Open Guest Access Jim Pardonek (Jun 11)
- Re: Consensus About Open Guest Access Routen, Nathan (Jun 11)
- Re: Consensus About Open Guest Access Roger A Safian (Jun 11)
- Re: Consensus About Open Guest Access Julian Y Koh (Jun 11)
- Re: Consensus About Open Guest Access Routen, Nathan (Jun 11)
- Re: Consensus About Open Guest Access Tiffany Drape (Jun 11)
- Re: Consensus About Open Guest Access Jim Pardonek (Jun 12)
- Re: Consensus About Open Guest Access Roger A Safian (Jun 12)
- Re: Consensus About Open Guest Access Sam Hooker (Jun 12)
- Re: Consensus About Open Guest Access Dr. Wole Akpose (Jun 12)
- Re: Consensus About Open Guest Access Julian Y Koh (Jun 11)