[37886] in Resnet-Forum


Re: Wireless Access

daemon@ATHENA.MIT.EDU (Greg Bowser)
Fri Jan 18 15:57:02 2013

X-URI-Submission-From: topnotcher@mail.uri.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID:  <983034493.17002952.1358542574587.JavaMail.root@mail.uri.edu>
Date:         Fri, 18 Jan 2013 15:56:14 -0500
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Greg Bowser <bowser@URI.EDU>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To:  <7E64DBDB85032D40BE50168C91A3D2A363D8C98A37@stg-mail.kent-school.edu>

We're using Aruba/Safe*Connect. As a compromise for allowing unauthenticated guest access, we "tiered" the guest access. The basic, unauthenticated guest access puts guests in an Aruba role with the following restrictions:
     - 512kbps bandwidth limit (horrible, I know...)
     - can only access http, https
     - access only valid on weekdays, 0800-2200
     - only provides internet access (i.e. direct access to OUR network is blocked)

The login page has a message clearly informing guests of the restrictions and that they can be lifted by contacting the Help Desk to obtain a guest account. 

If I had to allow access to the internal network, I'd limit the access to subnets containing public-facing assets (university website, etc.)

- Greg 

-------------------------------
Greg Bowser
Information Technologist
Information Security Office
University of Rhode Island

bowser@uri.edu
(401) 874-7285

1 Tyler Hall
9 Green House Rd
Kingston, RI 02881


----- Original Message -----
From: "Joe Sec" <JoeSec@KENT-SCHOOL.EDU>
To: RESNET-L@LISTSERV.ND.EDU
Sent: Friday, January 18, 2013 3:18:58 PM
Subject: Re: Wireless Access




We have younger students than you, but our first concern with this was how to keep them from using it all of the time. 

If for no other reason than that they would not be able to get to network resources they require. 

In the end, self-registration on a separate vlan through our Aruba boxes seems to have worked well. 

It’s enough trouble and you have to renew it every day that students don’t want to bother. 

You still have to be concerned about someone using your network for nefarious purposes… 



Adam 



From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of James Colunio 
Sent: Friday, January 18, 2013 3:00 PM 
To: RESNET-L@LISTSERV.ND.EDU 
Subject: Wireless Access 



Greetings, 





I have been asked to investigate the possibility of providing access for campus visitors/guests/etc. WITHOUT authenticating. We are currently using Bradford's NAC solution to handle all WIFI devices here and provide scans and access. It is my thinking (and please correct me where I'm wrong) that another SSID and/or VLAN would be needed. I have the same question into Bradford Support, but there's nothing like getting feedback from people that have already been there. 





I would appreciate any feedback by anyone that is doing this AND from those of you that see security problems with this approach. Because I have just received this request, my initial reaction is a concern for security, but if there's an approach that works and does NOT put the network at risk, then I have to pursue this. 





I want to thank any and everyone in advance for their input. 





Jim 





-- 
Jim Colunio 
Network-Systems Administrator 
Elmira College
One Park Place 
Elmira, NY 14901 
Ph. (607) 735-1921 

___________________________________________________
You are subscribed to the ResNet-L mailing list.

To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
