Educause Security Discussion mailing list archives

Re: Personal printer WIFI connectivity policy in dorm rooms

From: "Mccormick, Kevin" <ke-mccormick () WIU EDU>
Date: Wed, 11 Jul 2018 13:06:24 -0500

With the density of students in residence halls, wireless printers that
broadcast their own network is an issue.

Also something we do not like to see in staff offices either, but easier to
deal with staff and turn off WiFi.

Students and staff don't understand the technology just connect the printer
with USB and don't know to turn off the WiFi.

With some printers this may not be an easy or intuitive task.

Like many laptops, an WiFi On/Off switch would be an excellent feature with
the default state of Off.

We do allow students to connect printers to the WiFi with PSK and MAC
address filtering.

They have to register the printers MAC address and configure the WiFi just
like their other non 802.1x devices.

We don't recommend them to do this if there is no way to secure printer
from others printing and IP addresses are dynamic and may change.

We also tell the students they should using wired connections for devices
that are not mobile, and only use WiFI for phones, tablets, latops, etc...


Kevin McCormick <https://www.youracclaim.com/user/kevin-mccormick>
Network Administrator
University Technology - Western Illinois University
KE-McCormick () wiu edu | (309) 298-1335 <3092981335> | Morgan Hall 106b
Connect with uTech: Website <http://www.wiu.edu/utech> | Facebook
<https://www.facebook.com/uTechWIU> | Twitter
<https://twitter.com/WIU_uTech>


On Tue, Jul 10, 2018 at 8:17 PM, Wong, Wilson (HPS Global R&D) <
wilson.wong () hp com> wrote:

Hello Frank, Curt, Rand and Andrew,



This gives me the boundary condition to define the solution space.



Thank you very much for sharing the insights and the implications of how
solution must pivot to.



Wilson Wong

Master Program Manager

HP Inc.



*From:* The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Andrew Chiarello
*Sent:* Tuesday, July 10, 2018 10:10 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Personal printer WIFI connectivity policy in
dorm rooms



I'd like to second making WiFi Direct off by default. Every semester, we
go around teaching people how to turn it off, so that it stops broadcasting
interfering networks.



In general, the support burden of getting printers working on the wireless
network is higher than we can sustain, so we tell our students to use USB
exclusively. While a few students manage to get their printers connected
correctly, the vast majority of them just create problems.



Andrew J. Chiarello

Senior Network Engineer

Bryn Mawr College

achiarello () brynmawr edu

(610) 526-7966
------------------------------

*From:* The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rand Hall <
hallr () MERRIMACK EDU>
*Sent:* Tuesday, July 10, 2018 9:55:43 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Personal printer WIFI connectivity policy in
dorm rooms



Most educational networks won't be much different from most corporate
networks.

If you want to do higher-ed a solid, ship your devices to only use
standard channels and have WiFi Direct disabled by default. Bonus
points for making the WiFi On/Off button turn off WiFi Direct as well.

Rand

Rand P. Hall
Director, Network Services                 askIT!
Merrimack College
978-837-3532
rand.hall () merrimack edu

If I had an hour to save the world, I would spend 55 minutes defining
the problem and five minutes finding solutions. – Einstein

On Tue, Jul 10, 2018 at 2:44 AM Wong, Wilson (HPS Global R&D)
<wilson.wong () hp com> wrote:


Hello everyone,



I am a program manager for personal printers. I wish to understand the

WIFI environment/policies in dorm rooms for personal printers so we can
design a solution that works well in these environment.




I have the following list of questions. Appreciate insights.



Is a Captive Portal used to access the Wi-Fi network?

Is 802.1x used for secure access to the Wi-Fi network?

Is “client isolation” enabled on your Wi-Fi network, so that one client

on the network can’t access other clients directly?


Do you have a policy against connecting personal printers to your Wi-Fi

network?


If 802.1x is used, what type of 802.1x authentication is used. We may

need to think about the specific question a bit more but I am thinking we
could ask them two questions:


Does your 802.1x authentication involve a password, a token (e.g. , USB

key), or a certificate (multiple selections allowed)


Please provide the instructions you provide to students on how to

configure access to your Wi-Fi network (e.g., a web link)






Wilson Wong

Master Program Manager

HP Inc.

Current thread:

Personal printer WIFI connectivity policy in dorm rooms Wong, Wilson (HPS Global R&D) (Jul 09)
- Re: Personal printer WIFI connectivity policy in dorm rooms Frank Barton (Jul 10)
  - Re: Personal printer WIFI connectivity policy in dorm rooms Curt Kappenman (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Rand Hall (Jul 10)
  - Re: Personal printer WIFI connectivity policy in dorm rooms Andrew Chiarello (Jul 10)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Wong, Wilson (HPS Global R&D) (Jul 10)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Frank Barton (Jul 11)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Curt Kappenman (Jul 11)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Mccormick, Kevin (Jul 11)