Educause Security Discussion mailing list archives
Re: NAC with Guest wireless
From: Greg Williams <gwillia5 () UCCS EDU>
Date: Mon, 18 Oct 2010 08:20:07 -0600
We have the same setup here. Open network is through a captive portal for AD or LDAP accounts and provisioned guest accounts only. Ports 80,443, 500 for IKE, 1701 for L2TP, 1723 for PPTP. Additionally we block 443 to any server on campus that authenticates against AD or LDAP. We haven't had anyone come to us asking to open other ports for VPN other than the standard ones. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cal Frye Sent: Saturday, October 16, 2010 8:21 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] NAC with Guest wireless On 10/15/10 3:57 PM, Childs, Aaron wrote:
We have Guest Wireless but restrict the traffic to HTTP, HTTPS, and establish a VPN connection off campus.
I'm curious to know what the latter means. Standard ports for IPSEC, or just SSL VPN? Do you make provisions for VPN on non-standard ports? We've seen VIPs here a couple times with odd VPN setups that we were blocking and required some adjustment to permit. -- Best regards -- Cal Frye, Network Administrator, Oberlin College Mudd Library, x.56930 -- CIT will NEVER ask you for your password! www.calfrye.com, www.oberlin.edu/cit/ "Love is a form of work or a form of courage." --M. Scott Peck.
Current thread:
- NAC with Guest wireless King, Ronald A. (Oct 15)
- Re: NAC with Guest wireless Childs, Aaron (Oct 15)
- Re: NAC with Guest wireless Reyes, Esteban (Oct 15)
- Re: NAC with Guest wireless Cal Frye (Oct 16)
- Re: NAC with Guest wireless Greg Williams (Oct 18)
- Re: NAC with Guest wireless Anthony Maszeroski (Oct 20)
- Re: NAC with Guest wireless Childs, Aaron (Oct 15)