Educause Security Discussion mailing list archives

Re: The Wisdom of Allowing an Open Port

From: Will Froning <will.froning () GMAIL COM>
Date: Thu, 29 Nov 2012 10:29:45 +0400

Hello Jim,

Jim Pardonek wrote:

Good Afternoon,
On our hospital campus we have an "open" wlan that requires the usual
rudimentary form of authentication (some email address and your name) to
gain access, similar to a hotel portal. Some of the medical staff want
us to open port 1373 TCP so that they can access our GroupWise (I know)
servers using the regular client application. Other than the normal
reasons for keeping everything except 80 and 443 closed, I'm looking to
see if anyone would like to weigh in on reasons for and against opening
this up.
Thanks,
Jim


At my current Uni I follow Julian's train of thought.

Julian Y Koh wrote:

Is there an authenticated SSID that those staff members should be
using instead?  If so, why are they using the open SSID?

Which means I do block access to all authenticated services (Blackboard,Banner, Mail, etc) on open/guest/conference SSIDs. If they have apassword to use those authenticated services, then they should be usingthat same password to connect to the staff/student SSID.

I would say 'no we don't permit that access' and then kindly direct themto the helpdesk to configure their wireless devices.


Thanks,
Will
--
Will Froning
Unix/InfoSec/Network Admin
Will.Froning () Gmail com

Current thread:

The Wisdom of Allowing an Open Port Jim Pardonek (Nov 28)
- Re: The Wisdom of Allowing an Open Port Jeff Kell (Nov 28)
- Re: The Wisdom of Allowing an Open Port Julian Y Koh (Nov 28)
- Re: The Wisdom of Allowing an Open Port Kevin Wilcox (Nov 28)
- Re: The Wisdom of Allowing an Open Port Roger A Safian (Nov 28)
- Re: The Wisdom of Allowing an Open Port Will Froning (Nov 28)
  - Re: The Wisdom of Allowing an Open Port Roger A Safian (Nov 29)
- Re: The Wisdom of Allowing an Open Port Russ Leathe (Nov 29)