Firewall Wizards mailing list archives

RE: Locking down public wireless access

From: "Smith, Aaron" <SmithA () byui edu>
Date: Tue, 22 Feb 2005 11:59:58 -0700

We've used a gateway appliance from Bluesocket.com to provide a similar
setup.  The authentication is web-based using https.  It ties into our
backend directory and provides different access based on who the user
is.  Bluesocket can also require that you make a VPN tunnel to get
access, but we didn't like that idea.

We don't encrypt anything because we didn't feel that protecting the
data was worth the time it would take to manage it (do you need to
encrypt Bobby's email to Suzy saying, "Can I borrow your notes from
biology class?").  Application layer crypto is good enough to protect
registration and personal data.  When employees start using it, we will
start encrypting it at the network layer.

If you want to use the WRT54G, check out www.sveasoft.com for some
custom firmware.  They have releases that may do what you're looking
for.  Good luck,

@@ron Smith
 

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Chris
Bills
Sent: Saturday, February 19, 2005 11:31 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Locking down public wireless access

At my university, the computer science department would like to offer
wireless access to computer science students, but would like the
access to not be anonymous. Current problems with unrestricted access
to the internet are obvious, anonymous kids downloading porn, movies,
mp3s, etc, and as the university allowed this to happen, they could be
held liable.

enforcing a logon policy would help limit the university's liability
in said situations.

ideally, we would like to implement a system in which the user will
connect to un-encrypted wireless, but any attempts to get out will be
redirected to the authentication page. Once the user logs in, they
will be given the WEP key of the day, and then they will have
unrestricted access.

I'm investigating the usage of Linksys WRT45G routers, with a modified
firmware, but I have no actual experience with this. I would like to
look into other methods of doing this, as well, such as Perfigo (which
has now been acquired by Cisco)...

If you have any suggestions for hardware, or existing documentation
floating on the net about how to achieve this sort of setup, please
let me know.

Chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Locking down public wireless access Chris Bills (Feb 22)
- Re: Locking down public wireless access ArkanoiD (Feb 22)
- Re: Locking down public wireless access Jim Seymour (Feb 22)
- Re: Locking down public wireless access Kevin Sheldrake (Feb 22)
- Re: Locking down public wireless access Paul D. Robertson (Feb 22)
- RE: Locking down public wireless access Mark Gumennik (Feb 22)
  - RE: Locking down public wireless access John Adams (Feb 22)
- Re: Locking down public wireless access Dale W. Carder (Feb 23)
  - Re: Locking down public wireless access David Lang (Feb 24)
- <Possible follow-ups>
- RE: Locking down public wireless access Smith, Aaron (Feb 22)