RE: [WIRELESS-LAN] Wireless Open Access- not sponsored guest acce ss
Lee, Our access is twofold. The first is a broadcast ssid that necessitates the downloading and running of a vpn client for full network access. The second is a guest ssid that is not broadcast. The ssid is changed monthly and is only word of mouth. Part of the word is "buyer beware" as there is no authentication or encryption. Kind of easy to netstumble it and it doesn't scale so we are looking for other methods as we continue our rollout. Anyone who uses the guest ssid gets routed out to the internet even to get to internal sites. In that way, they have to go through the same hurdles (acls) that any outside user has to face. Don Gallerie The University at Albany -Original Message- From: Lee Badman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 02, 2005 3:40 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access Hello to this group. I'm looking for updated information on what (and if) schools are doing for "open" wireless network access. It's easy to trip over the words "guest" and "open" so I'll define the terms for this question: -guest- someone who has been sponsored in some way by an authorized computing account holder affiliated with your college or University -open- anyone, period. Think of it as hotsot access, no affiliation with your school or college needed. With that out of the way, here's the questions about open access: - Do you allow open wireless access to the local community or anyone else? What is your strategy for this? - If you do allow open access, have you had problems? - If you haven't had problems, do you fear problems like malicious activity originating from your network that can't be tracked to a user? - If you allow open access, were your risk management/legal types consulted? Guest access- - How do you "sponsor" visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? Thanks for your time- it's a great group. Please, no sales calls in response to this posting. Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access
Here at Purdue the official wireless network supported campus wide is 'closed'. We have about 1800 AP's around campus. Connecting to one, it does broadcast the SSID, but once connected you only can go to our wireless information web site. So to go further you must run a VPN connection to our VPN server which you must authenticate with your Purdue career account. All staff, faculty, and students have a career account. For 'visitors' to Purdue we have available special event accounts to allow non Purdue people access to the networks. Tim. Timothy Lange Manager/Lab Support Teaching and Learning Technologies Purdue University Information Technology at Purdue, Room 516 Young Hall 302 Wood Street West Lafayette, IN 47907-2108 Phone: 765-496-8260 Fax: 765-494-0566 Email: [EMAIL PROTECTED] Lee Badman wrote: Hello to this group. I'm looking for updated information on what (and if) schools are doing for "open" wireless network access. It's easy to trip over the words "guest" and "open" so I'll define the terms for this question: -guest- someone who has been sponsored in some way by an authorized computing account holder affiliated with your college or University -open- anyone, period. Think of it as hotsot access, no affiliation with your school or college needed. With that out of the way, here's the questions about open access: - Do you allow open wireless access to the local community or anyone else? What is your strategy for this? - If you do allow open access, have you had problems? - If you haven't had problems, do you fear problems like malicious activity originating from your network that can't be tracked to a user? - If you allow open access, were your risk management/legal types consulted? Guest access- - How do you "sponsor" visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? Thanks for your time- it's a great group. Please, no sales calls in response to this posting. Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access
-Original Message- From: Lee Badman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 02, 2005 12:40 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access Hello to this group. I'm looking for updated information on what (and if) schools are doing for "open" wireless network access. It's easy to trip over the words "guest" and "open" so I'll define the terms for this question: -guest- someone who has been sponsored in some way by an authorized computing account holder affiliated with your college or University -open- anyone, period. Think of it as hotsot access, no affiliation with your school or college needed. With that out of the way, here's the questions about open access: - Do you allow open wireless access to the local community or anyone else? What is your strategy for this? Answer: Yes we do. We have limited access from those networks in line with what a person could access from an open network jack in a classroom. No administrative system access, but general network access is ok. We are on 1000 acres of isolated wooded land, so resource hijacking from nearby residential communities isn't a large issue. I hope in the future to require acknowledgement of our appropriate use policy at the beginning of the network connection, but am not even doing that right now. - If you do allow open access, have you had problems? One or two virus laiden machines have been plugged into the campus network , but this is extremely small compared to what we've experienced from our residential network. - If you haven't had problems, do you fear problems like malicious activity originating from your network that can't be tracked to a user? We've had virus infected machines causing problems over our wireless network. We were able to pretty quickly track them down to which access point they were on. We then just had someone walk around looking for laptops, and found them in the library and corrected the problem. - If you allow open access, were your risk management/legal types consulted? No, I didn't consider the addition of wireless a change in risk because we already had open and avaialable network jacks in classrooms and lounge spaces that were normally unlocked. These public spaces seemed to be just as accessible from a risk standpoint as wireless. Guest access- - How do you "sponsor" visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? Thanks for your time- it's a great group. Please, no sales calls in response to this posting. Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access
In the past we allowed "open" access via Enterasys Secure networks policy on R2 Access points. It allowed for a base level of access based on L3-4 policy. We have now shifted to either using Secure Networks policy on the uplink port of the Meru Networks controller we use for wireless. The policy is based on the VLAN the Meru Controller dumps the user in. The user is dumped based on the SSID they choose. We are likely going to add the Open Networking features of Cisco Clean Access. mike -- Michael Ruiz Network and Enterprise Systems Engineer Hobart and William Smith Colleges Information Technology Services P 315-781-3711 F 315-781-3409 - HWS Faculty, Staff, Students and Alums Can purchase technology online and with an HWS DISCOUNT! http://www.cdwg.com/hws -Original Message- From: Lee Badman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 02, 2005 3:40 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access Hello to this group. I'm looking for updated information on what (and if) schools are doing for "open" wireless network access. It's easy to trip over the words "guest" and "open" so I'll define the terms for this question: -guest- someone who has been sponsored in some way by an authorized computing account holder affiliated with your college or University -open- anyone, period. Think of it as hotsot access, no affiliation with your school or college needed. With that out of the way, here's the questions about open access: - Do you allow open wireless access to the local community or anyone else? What is your strategy for this? - If you do allow open access, have you had problems? - If you haven't had problems, do you fear problems like malicious activity originating from your network that can't be tracked to a user? - If you allow open access, were your risk management/legal types consulted? Guest access- - How do you "sponsor" visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? Thanks for your time- it's a great group. Please, no sales calls in response to this posting. Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Wireless Open Access- not sponsored guest access
Hello to this group. I'm looking for updated information on what (and if) schools are doing for "open" wireless network access. It's easy to trip over the words "guest" and "open" so I'll define the terms for this question: -guest- someone who has been sponsored in some way by an authorized computing account holder affiliated with your college or University -open- anyone, period. Think of it as hotsot access, no affiliation with your school or college needed. With that out of the way, here's the questions about open access: - Do you allow open wireless access to the local community or anyone else? What is your strategy for this? - If you do allow open access, have you had problems? - If you haven't had problems, do you fear problems like malicious activity originating from your network that can't be tracked to a user? - If you allow open access, were your risk management/legal types consulted? Guest access- - How do you "sponsor" visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? Thanks for your time- it's a great group. Please, no sales calls in response to this posting. Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
