Educause Security Discussion mailing list archives
Re: Personal printer WIFI connectivity policy in dorm rooms
From: Curt Kappenman <ckappenman () ANDERSONUNIVERSITY EDU>
Date: Tue, 10 Jul 2018 13:32:07 +0000
Wilson, I agree with Frank on his observations. While WiFi is a useful tool for those who know how to use it, it is a dangerous tool for the regular user. Most users will turn on their WiFi enabled device and never change the passwords or default settings. While more manufacturers are trying to help put safeguards in place to protect the end-user, these default settings create havoc in the enterprise environment. A little web searching or just simple hacking (go visit someone and take a picture of the default settings sticker on the device) and now you can create chaos for someone or cause them potential irreparable harm. Now multiply this by thousands of users and you can see the outcome. If manufacturers want to help their users, create ways for the users to interact with their device (when a USB connection is not available) on a personal level that does not require access to a WiFi network. Another option would be to have a separate driver / configuration that could be used in enterprise environments that would allow for greater control over who or what can talk to the device. The BYOD movement is understandable but opens a great deal of new potentials for unwanted or unwarranted access. Manufacturers need to help us (the IT department) in being able to deal with and control these concerns if they want to see a greater acceptance to allowing users to bring their own printers and devices into the enterprise network environment. Curt Kappenman Security Compliance Officer / Systems Technician [cid:image002.png@01CE928D.7FDE1D30]<http://www.andersonuniversity.edu/it.aspx> 316 Boulevard, Anderson, SC 29621 Phone: (864) 231-2850 Help Desk: (864) 231-2457 ckappenman () andersonuniversity edu<mailto:ckappenman () andersonuniversity edu> www.andersonuniversity.edu<http://www.andersonuniversity.edu/> Note: This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. If you have received this message in error, please advise the sender by replying to ckappenman () andersonuniversity edu<mailto:ckappenman () andersonuniversity edu>, and delete the message. Thank you for your cooperation in this matter. [Facebook]<https://www.facebook.com/pages/AU-Information-Technology/248016151900704>[Twitter]<https://twitter.com/#!/AUTechnology> From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Frank Barton Sent: Tuesday, July 10, 2018 8:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Personal printer WIFI connectivity policy in dorm rooms Wilson, Here is what we tell our students: 1) Turn off WiFi on your printer, Use a USB Cable 2) Talk to your professors and ask them why they aren't accepting digital uploads to canvas The problem that we have isn't so much with connecting wireless printers to the student network (though there are concerns about other people using the printer without permission), it comes from the students setting up the printers in ad-hoc mode, and filling the already densely filled spectrum. My suggestion, if you really want to have printers be useful in dense environments such as residence halls, would be to ditch the WiFi, and look at using bluetooth, or possibly even NFC Frank On Tue, Jul 10, 2018 at 2:34 AM, Wong, Wilson (HPS Global R&D) <wilson.wong () hp com<mailto:wilson.wong () hp com>> wrote: Hello everyone, I am a program manager for personal printers. I wish to understand the WIFI environment/policies in dorm rooms for personal printers so we can design a solution that works well in these environment. I have the following list of questions. Appreciate insights. Is a Captive Portal used to access the Wi-Fi network? Is 802.1x used for secure access to the Wi-Fi network? Is “client isolation” enabled on your Wi-Fi network, so that one client on the network can’t access other clients directly? Do you have a policy against connecting personal printers to your Wi-Fi network? If 802.1x is used, what type of 802.1x authentication is used. We may need to think about the specific question a bit more but I am thinking we could ask them two questions: Does your 802.1x authentication involve a password, a token (e.g. , USB key), or a certificate (multiple selections allowed) Please provide the instructions you provide to students on how to configure access to your Wi-Fi network (e.g., a web link) Wilson Wong Master Program Manager HP Inc. -- Frank Barton Security+, ACMT, MCP IT Systems Administrator Husson University
Current thread:
- Personal printer WIFI connectivity policy in dorm rooms Wong, Wilson (HPS Global R&D) (Jul 09)
- Re: Personal printer WIFI connectivity policy in dorm rooms Frank Barton (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Curt Kappenman (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Rand Hall (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Andrew Chiarello (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Wong, Wilson (HPS Global R&D) (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Frank Barton (Jul 11)
- Re: Personal printer WIFI connectivity policy in dorm rooms Curt Kappenman (Jul 11)
- Re: Personal printer WIFI connectivity policy in dorm rooms Mccormick, Kevin (Jul 11)
- Re: Personal printer WIFI connectivity policy in dorm rooms Andrew Chiarello (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Frank Barton (Jul 10)