Educause Security Discussion mailing list archives

Re: The Wisdom of Allowing an Open Port

From: Julian Y Koh <kohster () NORTHWESTERN EDU>
Date: Wed, 28 Nov 2012 22:22:24 +0000

On Nov 28, 2012, at 16:18 , Jim Pardonek <jpardonek () LUC EDU> wrote:


On our hospital campus we have an "open" wlan that requires the usual rudimentary form of authentication (some email 
address and your name) to gain access, similar to a hotel portal.  Some of the medical staff want us to open port 
1373 TCP so that they can access our GroupWise (I know) servers using the regular client application.  Other than the 
normal reasons for keeping everything except 80 and 443 closed, I'm looking to see if anyone would like to weigh in 
on reasons for and against opening this up.


Is there an authenticated SSID that those staff members should be using instead?  If so, why are they using the open 
SSID?  

Is Groupwise traffic encrypted natively on that port?  

Do you allow VPN access from the open SSID?  If so, could the users do that?


-- 
Julian Y. Koh
Manager, Network Transport, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)
2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

Current thread:

The Wisdom of Allowing an Open Port Jim Pardonek (Nov 28)
- Re: The Wisdom of Allowing an Open Port Jeff Kell (Nov 28)
- Re: The Wisdom of Allowing an Open Port Julian Y Koh (Nov 28)
- Re: The Wisdom of Allowing an Open Port Kevin Wilcox (Nov 28)
- Re: The Wisdom of Allowing an Open Port Roger A Safian (Nov 28)
- Re: The Wisdom of Allowing an Open Port Will Froning (Nov 28)
  - Re: The Wisdom of Allowing an Open Port Roger A Safian (Nov 29)
- Re: The Wisdom of Allowing an Open Port Russ Leathe (Nov 29)