Re: unauthenticated network access

[Steve Lovaas <steven.lovaas () COLOSTATE EDU>]

Justin,

This is absolutely the right place for your question!

We've created a guest VLAN that has access only to the Internet on a
very limited number of ports (web, mail, vpn, dns, etc), and we can
either trunk this VLAN to a particular wired port or associate it with a
secondary guest SSID for wireless.

We've put together a self-service Web site for authorized staff users to
request guest IDs for visitors/contractors/conference attendees, and
scripted the addition of these IDs into a separate RADIUS server that
authenticates these users.

This is not quite live, but it's almost ready and we have high hopes
that we can balance the increasing need for unaffiliated guest access to
basic Web services with our need for security and accountability.

Thanks for asking!

Steve Lovaas
Colorado State University



Justin Sipher wrote:
> Hello all.
>
> I considered where to post this question and decided on the EDUCAUSE
> Security list.
<snip>

> I hope you feel this falls close enough to "security" to warrant the
> post on this list.
>
> Thanks all.
> ...Justin
> _______________________________________________________
>   Justin Sipher
>   Chief Technology Officer
>   Skidmore College
>   Saratoga Springs, NY
>   jsipher () skidmore edu
>   518-580-5909
> _______________________________________________________

--
==============================================================
Steven Lovaas, MSIA, CISSP
Network & Security Resource Manager
Academic Computing & Network Services
Colorado State University
970-297-3707
Steven.Lovaas () ColoState EDU
==============================================================