Educause Security Discussion mailing list archives
Re: Guest wireless restrictions
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Mon, 29 Apr 2013 18:31:02 +0000
We had this concern as well, with the limit, and the fact that gusts need to sign up every week, we find that most of our community use the secure SSID here. We do find that there are people with older devices, and they are able to use our guest wireless for access for those devices. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Curry Sent: Monday, April 29, 2013 1:28 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Guest wireless restrictions We're planning to use sponsored access as well (no open access). But we still want to limit it, both because many of the users are not faculty/staff/students and they don't need unfettered access, and also because we want to convince faculty/staff/students to use the "secure" SSID and not the "guest" one. -- DAVID A. CURRY, CISSP * DIRECTOR OF INFORMATION SECURITY THE NEW SCHOOL * 55 W. 13TH STREET * NEW YORK, NY 10011 +1 212 229-5300 x4728 * david.curry () newschool edu<mailto:david.curry () newschool edu> On Mon, Apr 29, 2013 at 2:24 PM, randy <marchany () vt edu<mailto:marchany () vt edu>> wrote: The key to our guest wireless system is to assign the guests to a university "sponsor". The sponsor has the ability to dictate the hours/days the guest can access the net. We don't restrict protocol or bandwidth for guests as far as I know. The sponsor and the guest share responsibility for being good netizens. Our guest access FAQ page is at http://www.cns.vt.edu/data_guestFAQ.html. -Randy Marchany VA Tech IT Security Office & Lab On Mon, Apr 29, 2013 at 10:19 AM, David Curry <david.curry () newschool edu<mailto:david.curry () newschool edu>> wrote: We're (still) in the process of thinking about how we want to split our wireless network into two SSIDs, one for students/faculty/staff and one for "guests" (in quotes because students and staff may be allowed to use it too). We're thinking we want to do what a number of other schools have done, and limit the "guest" SSID to a few protocols: * ICMP * HTTP and HTTPS * POP and IMAP in their SSL flavors only (no plaintext) * SMTP in its SSL and TLS flavors only (no plaintext) * VPN (IPSec, PPTP, L2TP) which after Googling around a bit seems to be a pretty common set (some also allow unencrypted POP/IMAP/SMTP, and others also allow various flavors of chat/instant messaging). We'd also like (we think) to limit individual user bandwidth on the guest wireless, partly to cut down on the damage a "misbehaving" client can cause, and partly to encourage students/faculty/staff to move over to the "secure" SSID. Googling around on this topic, I've been able to find lots of schools doing this, but very few that document what their limits actually are. So, two questions: 1. If you limit the protocols on your guest wireless, is there anything not in the list above that you've found it necessary to allow? 2. If you limit the bandwidth (speed) on your guest wireless, what are your download/upload limits (speeds), and what does that allow/not allow (e.g., streaming audio/video). Thanks, --Dave -- DAVID A. CURRY, CISSP * DIRECTOR OF INFORMATION SECURITY THE NEW SCHOOL * 55 W. 13TH STREET * NEW YORK, NY 10011 +1 212 229-5300 x4728 * david.curry () newschool edu<mailto:david.curry () newschool edu>
Current thread:
- Re: Guest wireless restrictions, (continued)
- Re: Guest wireless restrictions Kevin Hayes (Apr 29)
- Re: Guest wireless restrictions Julian Y Koh (Apr 29)
- Re: Guest wireless restrictions Jeff Kell (Apr 29)
- Re: Guest wireless restrictions Dr. Wole Akpose (Apr 29)
- Re: Guest wireless restrictions David Curry (Apr 29)
- Re: Guest wireless restrictions Roger A Safian (Apr 29)
- Re: Guest wireless restrictions Nathaniel Hall (Apr 29)
- Re: Guest wireless restrictions Carson, Larry (Apr 29)
- Re: Guest wireless restrictions randy (Apr 29)
- Re: Guest wireless restrictions David Curry (Apr 29)
- Re: Guest wireless restrictions Roger A Safian (Apr 29)
- Re: Guest wireless restrictions Ken Connelly (Apr 29)
- Re: Guest wireless restrictions Dewitt Latimer (Apr 29)
- Re: Guest wireless restrictions Ken Connelly (Apr 29)
- Re: Guest wireless restrictions Eric C. Lukens (Apr 29)
- Re: Guest wireless restrictions Palmer, Kevin J. (Apr 29)
- Re: Guest wireless restrictions Dewitt Latimer (Apr 29)
- Re: Guest wireless restrictions Roger A Safian (Apr 29)
- Re: Guest wireless restrictions David Curry (Apr 29)
- Re: Guest wireless restrictions Roger A Safian (Apr 29)
- Re: Guest wireless restrictions Karl Bernard (Apr 30)