I agree but to one extent. One could say we just open up WiFi like Starbucks. Students, Faculty, Staff, visitors, anyone could just simply hop on, check a box and connect.
But wouldn't it better to do it more like we do at home? Have some type of password or method of authenticating who can use the home network? After all, you wouldn't want anyone from the street to come over and open the spigot. Or just park in front of your house and just wardrive. A network with the simplest level of authentication for members of the community is the ideal solution. And if you want, also a "one-click" Guest network. But having students onboard I think it's overkill. My .02... On Fri, Apr 16, 2021 at 12:46 PM Jeffrey D. Sessler <j...@scrippscollege.edu> wrote: > I’m all for the connection experience being as simple as possible. We > subject our casual users to often extreme onboarding measures when they’ll > never experience this outside of their 4-years, or even outside the college > community. > > > > If we consider the forward march to SaaS and other aaS products in higher > education, in the not so distant future, we’ll run almost nothing > on-campus. Wireless will just be a commodity connection-point out to a > bunch of Internet services. If an end user can “do what they need” at the > myriad wifi hotspot locations in the US e.g. starbucks, then we shouldn’t > need to ask them to jump through more hoops just because they are on a > college campus. Is there such a thing as wireless elitism? > > > > Perhaps the challenge with wireless is that it’s still a service owned and > managed by IT? If the governance was customer focused, with goals centered > on community experience vs enterprise risk, perhaps a happy medium could be > reached between what the consumer of the service desires, and what those > managing it can provide? > > If my facilities director told me that the water spigot I wanted installed > in my building required a pass-code or onboarding before use, I’d consider > them crazy. After all, my home version requires a simple turn of the > handle. When I look at what lengths some of us have gone with our > college wifi, I wonder if the pass-code water spigot is far off. 😊 > > > > Jeff > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Lee H Badman > *Sent:* Friday, April 16, 2021 8:29 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution? > > > > All good input- again, just thinking free here... thanks for playing the > game. > > Lee Badman (mobile) > > > > On Apr 16, 2021, at 11:07 AM, David Logan <tarheeldav...@gmail.com> wrote: > > > > So - truly thinking out loud... > > > > 1. To Tim's point on lack of identity, the unstated requirement that could > be chosen to be fulfilled or not - there would need to be post-connect, > post-activity monitoring such that "bad activity" could be detected, > mitigated, prevented. Anybody and any device within throw range of the > WLAN could connect and do whatever they want, within the bounds of > monitoring and enforcement at L2/L3/L7. IRL - none of your doors have > locks, but you could choose to implement security cameras if someone you > don't know comes in to take the TV. > > > > 2. It certainly suggests creating "network segments of one" to ensure > that the ability for a bad actor with a connected device cannot recon nor > exploit the other local connected devices, systems, apps, protocols. > Suggests all local traffic would have to be firewalled or proxied, or else > the "network segment of one" architecture is unenforceable. > > > > 2a. OR - it suggests a "don't care what happens between non-IT > sanctioned systems" - i.e. if a bad actor on a moderately sized > broadcast domain/subnet co-opts an attached non-IT device (like a smart TV) > and "does something bad" - that's OK. This then suggests that *consequences > *of consumer IT product vendors implementing poor embedded software > systems/exploitable protocols would trickle down to the end-user and back > out to the consumer IT vendor. > > > > 2b. Also suggests that if the local network segments are not policed > using firewalls of some sort, then the local IT-managed systems (if there > ARE any) - definitely need to be up to date on patch management and support > and vendor-product-software security. > > > > -- Dave > > > > > > On Fri, Apr 16, 2021 at 10:33 AM Lee H Badman < > 000000db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote: > > Not sure how, or even if you’d need to depending on how it all worked. No > plan here, just discussion.. > > > > *Lee Badman* | Network Architect (CWNE#200) > > Information Technology Services > (NDD Group) > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > *t* 315.443.3003 * e* lhbad...@syr.edu *w* its.syr.edu > > Campus Wireless Policy: > https://answers.syr.edu/display/network/Wireless+Network+and+Systems > > *SYRACUSE UNIVERSITY* > syr.edu > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Tim Cappalli > *Sent:* Friday, April 16, 2021 10:23 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution? > > > > How would you limit local services like printing, screen mirroring, media > casting, etc? > ------------------------------ > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Lee H Badman < > 000000db5b77bd95-dmarc-requ...@listserv.educause.edu> > *Sent:* Friday, April 16, 2021 10:17 > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution? > > > > Exactly- hance the notion of simplifying… relying on application security, > 2FA etc for actual security while making simply connecting much, much > easier. > > > > *Lee Badman* | Network Architect (CWNE#200) > > Information Technology Services > (NDD Group) > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > *t* 315.443.3003 * e* lhbad...@syr.edu *w* its.syr.edu > > Campus Wireless Policy: > https://answers.syr.edu/display/network/Wireless+Network+and+Systems > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems&data=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836879442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=l7sSKIp95iXMYD5uRV%2F%2FbVgSsEaikmLNW%2FhYq1D0u0M%3D&reserved=0> > > *SYRACUSE UNIVERSITY* > syr.edu > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Tim Cappalli > *Sent:* Friday, April 16, 2021 10:16 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution? > > > > Just keep in mind that OWE does not have an identity layer. > ------------------------------ > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Lee H Badman < > 000000db5b77bd95-dmarc-requ...@listserv.educause.edu> > *Sent:* Friday, April 16, 2021 10:08 > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Subject:* [WIRELESS-LAN] WPA3/OWE as campus solution? > > > > One more for you all- anyone contemplating ditching 802.1X for the BYOD > side of your WLAN (not managed laptops and “business” clients) and > simplifying with OWE/WPA3? Like… the open network that’s actually > moderately secure leveraging the latest security options? > > > > Thanks, > > > > *Lee Badman* | Network Architect (CWNE#200) > > Information Technology Services > (NDD Group) > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > *t* 315.443.3003 * e* lhbad...@syr.edu *w* its.syr.edu > > Campus Wireless Policy: > https://answers.syr.edu/display/network/Wireless+Network+and+Systems > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems&data=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836889399%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8NCkz0FedufnGUcZpDDnCmeI4Gx4Exz%2ByaIUHso5OJc%3D&reserved=0> > > *SYRACUSE UNIVERSITY* > syr.edu > > > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836889399%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AAVmLXrmI9B4sTKHA1yhsOSbNDYDYUz2GHUw71tade8%3D&reserved=0> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836899358%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LphZNCklAUFdRTZegyIdubuk1%2FVGBGgRvpZ1jsRAvpA%3D&reserved=0> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836899358%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LphZNCklAUFdRTZegyIdubuk1%2FVGBGgRvpZ1jsRAvpA%3D&reserved=0> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > -- °(((=((===°°°(((================================================ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
