Educause Security Discussion mailing list archives
Re: Wireless Guest Access
From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Thu, 28 Sep 2006 11:19:09 -0500
We offer a similar type of system here, but there are a few differences. Currently, there is no logon other than the initial SSID to the "student network" (for students, faculty, staff, and external groups utilizing the campus) although we are researching the possibility. The network is physically / logically located outside our internal network firewalls and is protected by its own firewall. Combined with the firewall is a content filtering solution called DansGuardian that prevents users from viewing objectionable material. We previously had the network behind a router and did very little logging. We were later contacted by law enforcement about a case they were working and did not have any logs to help them. We decided that we would put the firewall in place to have some protection against claims that we weren't doing enough. The reason we are considering authentication is to be able to track somebody down if needed, usually for legal issues or for breaking the AUP. -- Nathaniel Hall, GSEC GCFW GCIA GCIH Network Security System Administrator OTC Computer Networking Office: (417) 447-7535 ________________________________ From: Matt Arthur [mailto:arthur () WUSTL EDU] Sent: Thursday, September 28, 2006 10:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Wireless Guest Access We are in the process of adding a couple hundred of the new generation centrally controlled wireless access points. Our current system requires a login and pw. The new system requires the same. We have had a discussion locally about adding a 'Guest' SSID that would not require a login and would ONLY provide access to web traffic. Our main goal is to allow visiting faculty, staff, prospective students, and parents to have a way to use their mobile device to check email via their yahoo account, web portal, etc... From a technical security point of view, we feel okay that folks won't be able to 'cross over' into our secure SSID area and if they download a virus/bot, it can't jump onto our network. My questions and concerns are more towards the political and legal side of things. Does anyone offer this type of wireless access? If so, are there legal/political battles that you have either fought or stepped around? Or does everyone still require some form of authentication?
Current thread:
- Wireless Guest Access Matt Arthur (Sep 28)
- <Possible follow-ups>
- Re: Wireless Guest Access Randy Marchany (Sep 28)
- Re: Wireless Guest Access HALL, NATHANIEL D. (Sep 28)
- Re: Wireless Guest Access Christopher Misra (Sep 28)
- Re: Wireless Guest Access Steve Lovaas (Sep 28)
- Re: Wireless Guest Access Geoff Nathan (Sep 28)
- Re: Wireless Guest Access Joe St Sauver (Sep 28)
- Re: Wireless Guest Access Matt Arthur (Sep 28)
- Re: Wireless Guest Access Steve Lovaas (Sep 28)
- Re: Wireless Guest Access Jeff Giacobbe (Sep 28)
- Re: Wireless Guest Access Koerber, Jeff (Sep 28)
- Re: Wireless Guest Access Geoff Nathan (Sep 29)