". Closing it off is too much is really a "denial of service" created against good users because of a very small number of bad users. I see a lot of inadvertent "denial of service"”
I couldn't agree more with John on this point. We used to, and apparently some schools still do, offer guest access but throttle it way down to the point of frustrating users. I finally concluded that it is just wrong and even embarrassing to offer a service that you make suck on purpose. We offer a guest service that we validate by cell phone number through Bluesocket. It works pretty well, although we have had our reliability issues. Also, their web page design options don't seem to really have a clue about good user interface design. In our sports stadium we offer an open service, but the stadium doesn't border any nearby neighborhoods, and we have the ability to schedule it by event. What is also interesting is that the CALEA recommendations really seem to focus on giving Law enforcement access, and not necessarily identifying users in the past. I do wonder why we in .edu's seem to obsess about identifying people. As has been pointed out, it is wide open in enough restaurants, city streets and airports. IN addition, I have never heard of a case of someone getting in trouble for offering open access. If this has ever happened, I would love to hear the details. Pete Morrissey -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell Sent: Thursday, May 15, 2014 8:38 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] requests for open, unauthenticated, no portal WiFi This in an interesting topic. It seems to be all over the map. If the coffee shop can provide open access, then what is the argument against a University having an SSID "coffee-shop" that is back ended to a standard cable modem? Yes, the argument against having an open SSID on your main EDU network is valid if you carry unauthenticated traffic on your backbone but some EDUs appear to do it. UBC in town has an open unauthenticated network these days. If you need to balance providing access or not, I always try to make the network accessible. Closing it off is too much is really a "denial of service" created against good users because of a very small number of bad users. I see a lot of inadvertent "denial of service" under the security umbrella... If it was my decision, I would make a network open but back-ended to a speed limited, commodity cable network ISP type of connection. If it goes down or gets taken down, it only impacts that link, not the whole campus. Jonn Martell (not speaking on behalf of my EDU). Director of Technical Operations Vancouver Campus On Thu, May 15, 2014 at 4:16 PM, Steve Bohrer <skboh...@simons-rock.edu> wrote: > On May 15, 2014, at 4:54 PM, Hugh Flemington <hugh.fleming...@queensu.ca> > wrote: >> >> I’m curious about the freedom of coffee shops and airports to have open >> internet access. Don’t they have to meet the same sorts of standards as we >> do? > > In terms of CALEA at least, a college campus looks a lot more like an ISP > than a typical coffee shop with a wifi router does. In the coffee shop case, > presumably any CALEA requests would go to their upstream provider, who I > assume could capture all the packets to or from that customer’s modem. > > Conversely, many campuses don’t have a simple single “upstream”, and the > total volume of campus traffic may be Gigabits rather than the few tens of > Megabits. > > Educause provided a general document when CALEA was new, with > suggestions for how a campus might be classified as a exempt or not. I > found it on the Educause CALEA summary page ( > http://www.educause.edu/library/calea ) in the main paragraph, which > links to "Thinking Through the CALEA Exempt/Non-Exempt Issue” : > http://www.educause.edu/ir/library/pdf/CSD4607.pdf > > Based on the above, any local coffee shops I’ve encountered would be exempt, > as they merely have a “commercial” cable or DSL account. A big airport with > centrally provided open enterprise-class wireless might be a harder call, but > it seems dependent on the details of their connection to their upstream, e.g. > who owns the electronics at each end of their link. > > Steve Bohrer > ITS, Bard College at Simon's Rock > 413-528-7645 > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. -- -- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
