Re: Consensus About Open Guest Access

[Sam Hooker <samuel.hooker () UVM EDU>]

On 20120612 14:01 , Jim Pardonek wrote:
> Ok so I'm hijacking my own email thread.  Those of you that host
> conferences, how do you handle guest WLAN access for the conference
> attendees and presenters?  I've checked the guest access pages from
> several edu's but they only mention sponsored guest access and really
> don't address a conference. 

UVM uses a sponsored-access model[1], and users responsible for
provisioning access for conference attendees are granted access to a
batch-creation utility built around the spreadsheet format used by our
Conference and Events Services group. They input their existing list of
attendees, the system provisions accounts/generates passwords, and hands
them back a CSV suitable for framing. Er, mail-merging.

Yes, this means that the sponsor has access to the guests' credentials
in plaintext, but this was deemed an acceptable compromise, given the
ephemeral nature of these credentials, and the extremely limited scope
of their access to institutional resources.


Cheers,

-sth

http://www.uvm.edu/it/wireless/?Page=guestnet.html

--
Sam Hooker | samuel.hooker () uvm edu
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont

> We are in the process of separating our
> medical schools from our hospital.  They have had their own methods of
> supplying guest access which in my view is not very secure nor does it
> make anyone accountable for usage.  We struggle with having a set of
> conference IDs that we recycle and change the passwords on after every
> conference.  We were thinking that since we have to address this at our
> med schools, we may want to look at our conference guest access for the
> whole university.
>  
> Thanks,
>  
> Jim
>
>  
> *James Pardonek, CISSP, CEH*
> *Information Security Officer**
> Loyola University Chicago 
> **1032 W. Sheridan Road | Chicago, IL  60660
> **
> (**: (773) 508-6086
> <mailto:508-6086 () purduecal edu><mailto:508-6086 () purduecal edu>*
> > > > "Routen, Nathan" <NRouten () MAIL TWU EDU> 6/11/2012 1:30 PM >>>
> Here is one specific example to consider..
>
> Any traffic that remains within the University's private network does
> not need to be CALEA compliant as it falls within the "Private Network"
> exception.  However, communication traffic that travels to the Public
> Switch Telephone Network (PSTN) or the Public Internet does have a CALEA
> requirement.  At that point, it must be decided who has the CALEA
> obligation.  If the University acts as its own ISP, I would assume that
> they have the obligation.  Also, if the University implements dynamic IP
> addresses for local end points it would need to provide the end user
> associated with that dynamic address for an authorized interception.
>
> As you have probably noticed, determining whether an entity needs to be
> CALEA compliant is not a simple question.  I suggest that you pose the
> question to your legal resources before initiating any action.
>
> Nate
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julian Y Koh
> Sent: Monday, June 11, 2012 1:22 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Consensus About Open Guest Access
>
> On Mon Jun 11 2012 13:10:36 Central Time, Roger A Safian wrote:
>
> > We have this.  Guest wireless is open, you need to enter your email,
> name, etc. and you get 24 hours of access.  We’ve only been doing it for
> a few months and so far we have had no issues with several thousand users.
>
> 8300+ unique devices since March 28, to be a little more specific.  :)
>
> There are obviously a lot of dips and peaks in some of our data, but
> we're averaging over 260 unique registrations every day, with a max just
> under 500 a couple of times.

Attachment: signature.asc
Description: OpenPGP digital signature