Educause Security Discussion mailing list archives

Re: Personal printer WIFI connectivity policy in dorm rooms

From: Curt Kappenman <ckappenman () ANDERSONUNIVERSITY EDU>
Date: Tue, 10 Jul 2018 13:32:07 +0000

Wilson,
  I agree with Frank on his observations.  While WiFi is a useful tool for those who know how to use it, it is a 
dangerous tool for the regular user.  Most users will turn on their WiFi enabled device and never change the passwords 
or default settings.  While more manufacturers are trying to help put safeguards in place to protect the end-user, 
these default settings create havoc in the enterprise environment.

  A little web searching or just simple hacking (go visit someone and take a picture of the default settings sticker on 
the device) and now you can create chaos for someone or cause them potential irreparable harm.  Now multiply this by 
thousands of users and you can see the outcome.

  If manufacturers want to help their users, create ways for the users to interact with their device (when a USB 
connection is not available) on a personal level that does not require access to a WiFi network.  Another option would 
be to have a separate driver / configuration that could be used in enterprise environments that would allow for greater 
control over who or what can talk to the device.

  The BYOD movement is understandable but opens a great deal of new potentials for unwanted or unwarranted access.  
Manufacturers need to help us (the IT department) in being able to deal with and control these concerns if they want to 
see a greater acceptance to allowing users to bring their own printers and devices into the enterprise network 
environment.


Curt Kappenman
Security Compliance Officer / Systems Technician

[cid:image002.png@01CE928D.7FDE1D30]<http://www.andersonuniversity.edu/it.aspx>


316 Boulevard, Anderson, SC 29621
Phone: (864) 231-2850
Help Desk: (864) 231-2457
ckappenman () andersonuniversity edu<mailto:ckappenman () andersonuniversity edu>
www.andersonuniversity.edu<http://www.andersonuniversity.edu/>

Note: This message contains information which may be confidential and privileged. Unless you are the addressee (or 
authorized to receive for the addressee), you may not use, copy or disclose to anyone this message or any information 
contained in this message. If you have received this message in error, please advise the sender by replying to 
ckappenman () andersonuniversity edu<mailto:ckappenman () andersonuniversity edu>, and delete the message. Thank you 
for your cooperation in this matter.

[Facebook]<https://www.facebook.com/pages/AU-Information-Technology/248016151900704>[Twitter]<https://twitter.com/#!/AUTechnology>

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Frank Barton
Sent: Tuesday, July 10, 2018 8:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Personal printer WIFI connectivity policy in dorm rooms

Wilson, Here is what we tell our students:

1) Turn off WiFi on your printer, Use a USB Cable
2) Talk to your professors and ask them why they aren't accepting digital uploads to canvas

The problem that we have isn't so much with connecting wireless printers to the student network (though there are 
concerns about other people using the printer without permission), it comes from the students setting up the printers 
in ad-hoc mode, and filling the already densely filled spectrum.

My suggestion, if you really want to have printers be useful in dense environments such as residence halls, would be to 
ditch the WiFi, and look at using bluetooth, or possibly even NFC

Frank


On Tue, Jul 10, 2018 at 2:34 AM, Wong, Wilson (HPS Global R&D) <wilson.wong () hp com<mailto:wilson.wong () hp com>> 
wrote:
Hello everyone,

I am a program manager for personal printers. I wish to understand the WIFI environment/policies in dorm rooms for 
personal printers so we can design a solution that works well in these environment.

I have the following list of questions. Appreciate insights.

Is a Captive Portal used to access the Wi-Fi network?
Is 802.1x used for secure access to the Wi-Fi network?
Is “client isolation” enabled on your Wi-Fi network, so that one client on the network can’t access other clients 
directly?
Do you have a policy against connecting personal printers to your Wi-Fi network?
If 802.1x is used, what type of 802.1x authentication is used. We may need to think about the specific question a bit 
more but I am thinking we could ask them two questions:
Does your 802.1x authentication involve a password, a token (e.g. , USB key), or a certificate (multiple selections 
allowed)
Please provide the instructions you provide to students on how to configure access to your Wi-Fi network (e.g., a web 
link)


Wilson Wong
Master Program Manager
HP Inc.




--
Frank Barton
Security+, ACMT, MCP
IT Systems Administrator
Husson University

Current thread:

Personal printer WIFI connectivity policy in dorm rooms Wong, Wilson (HPS Global R&D) (Jul 09)
- Re: Personal printer WIFI connectivity policy in dorm rooms Frank Barton (Jul 10)
  - Re: Personal printer WIFI connectivity policy in dorm rooms Curt Kappenman (Jul 10)
- Re: Personal printer WIFI connectivity policy in dorm rooms Rand Hall (Jul 10)
  - Re: Personal printer WIFI connectivity policy in dorm rooms Andrew Chiarello (Jul 10)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Wong, Wilson (HPS Global R&D) (Jul 10)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Frank Barton (Jul 11)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Curt Kappenman (Jul 11)
    - Re: Personal printer WIFI connectivity policy in dorm rooms Mccormick, Kevin (Jul 11)