Penn is planning to require user authentication at "public"
wired jacks in addition to for wireless network access, for
the reasons Cal mentions. Wired jacks in offices would be
exempt for now.
The VPN approach to user authentication would work just fine
for wired jacks, as would the popular web-intercept approaches.
802.1X may eventually provide a viable option in both cases
as well.
^Deke
--On Tuesday, November 26, 2002 8:21 AM -0500 "Guinn, Michael K"
<[EMAIL PROTECTED]> wrote:
That's a good point. But, we talk about wireless as an "extension" of
the network. It's a heck of a lot easier to nail down a data jack that
Evil User has plugged into than it is to find Evil User out in the
woods, within range of a 30mW RF signal. It's easy to put cameras in a
Library, for example, and Evil User might be cognizant of that.
So, "appreciably" is the functional term. Certainly, there's trouble
lurking about anywhere, but VPN is still WAY better than WEP (which was
the initial reason I made the comments below).
Kirt
Kirt Guinn
Wireless Project Analyst
University Information Technology Services
Indiana University
(812) 855-1784
-----Original Message-----
From: Cal Frye [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 10:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Wireless Survey
At 08:52 AM 11/22/2002 -0500, you wrote:
I think it's fair to say that our (NOC) concerns are more based on
unauthorized access to our network than whether someone's individual
data is secure. ONE bad guy can cause LOTS of damage with unauthorized
access. This one bad guy, should he feel the need to kill a server,
for
example, would certainly have the skill to beat WEP. That's why we use
VPN.
How is this appreciably different from an evil user on the wired
network,
say, in the Library? Except it's a bit easier to turn that port off ;-)
Are
you authenticating wired users, too?
--Cal Frye, Network Administrator, Oberlin College
"Just because something doesn't do what you planned it to do doesn't
mean it's useless." --Edison, Thomas A (1847-1931)
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/memdir/cg/.
-------
Deke Kassabian, Senior Technology Director
Information Systems and Computing, Networking and Telecommunications
University of Pennsylvania <URL:http://www.isc-net.upenn.edu/~deke>
**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/memdir/cg/.
