We had one come up today. Police needing access to system but from a few blocks away (out of eye sight). My wireless connection may reach the sidewalk out front but I doubt the signal is even 25% there. What do you do in a disaster plan to get the police access to video footage inside the building?
-Heath Henderson On Oct 21, 2010, at 1:36 PM, Michael Bendorf <bendo...@gmail.com> wrote: > What about purely public. Sounds like Zobel does not let strangers on during > ball games, how about the rest of you? What about the neighbors that live > across the street or next door? > > I am really trying to find an acceptable middle ground. I do not want to go > into the ISP business, but I want to share this resource with my community. > > > --Michael T. Bendorf-- > Technology Administrator > A-C Central C.U.S.D. #262 > 217.476.3312 ext. 2019 > Cellular: 217.306.6824 > > "I'm trying to teach myself to ask the same questions that you do during your > lectures so that I do not need you any more." > > A good teacher is like a candle - it consumes itself to light the way for > others. > > "The computer revolution hasn't started yet. Don't be misled by the enormous > flow of money into bad defacto standards for unsophisticated buyers using > poor adaptations of incomplete ideas." > > - Alan Kay > > > On Thu, Oct 21, 2010 at 11:16 AM, Daniel Zobel <zob...@husd4.k12.il.us> wrote: > I haven't changed anything specifically in my AUP, but I probably should, > this was kind of the trial run to see if people used it and how it worked. I > only really have students on and they have all signed an AUP. I don't have a > user authentication trail, but I have their MAC address in the wireless and > can see them move around from AP to AP. The filter records everything so I > have a trail that way too and the filter is really locked down. I had to > open it a little because yahoo was fully blocked. They can't do anything > that I would block on the regular side, so webmail, myspace and facebook are > blocked. They can search and look up general stuff. I have DHCP so I can > see the name of the device so in our school I could look through Skyward and > have staff pick out the student who had the device. If I found something > funny I can block the MAC right on the wireless and then they are done. I > have not heard complaints about I can't get to this site. I think most > students think that they are being sneeky because they are on the wireless. > They aren't suppose to have the devices out during the school day so there > isn't much traffic. > > I have had our wireless up for 2 years and had students ask when is it going > to get opened up and I always told them I wasn't until I could control it. > What I want to do is connect everything via LDAP, but Ruckus hasn't pushed > out the eDir LDAP part. So if I switch to Windows I can have direct user > authentication and would bring students in under that, but still keep them > tunneled to the outside world. With staff I create a user on the wireless > and it manages the user by installing a program on the device to set > everything up from what SSID it uses to the group they are in. > > The stuff I am more worried about is the MI-Fi's that is see come up on the > wireless system and other things like that can allow others to access. Even > our iMacs can turn into a hot spot so I am happy with the guest part. > > Dan > > >>> "Michael T. Bendorf" <bendo...@a-ccentral.us> 10/21/2010 9:57 AM >>> > > Dan, that is awesome and exactly what I am planning to do over the next > couple weeks, but did you add any verbage to your AUP to address it. Also, > how do you handle abuse without an associated AAA trail? > > --Michael T. Bendorf-- > Technology Administrator > A-C Central C.U.S.D. #262 > Google Voice: 217.408.0043 > > "I'm trying to teach myself to ask the same questions that you do during your > lectures so that I do not need you any more." > > A good teacher is like a candle - it consumes itself to light the way for > others. > > "The computer revolution hasn't started yet. Don't be misled by the enormous > flow of money into bad defacto standards for unsophisticated buyers using > poor adaptations of incomplete ideas." > - Alan Kay > > > > On Thu, Oct 21, 2010 at 9:53 AM, Daniel Zobel <zob...@husd4.k12.il.us> wrote: > This is one on the things I love about my Ruckus system. It has a built I'm > guest ssid that I put on it's own vlan and it auto tunnels to the outside. It > has an aup that says you are under the schools agreement of the aup. I have > to give rights to the tunnel to hit our webserver. With my filter, cynphonix, > then it is set to even stricter settings then student filtering, but they can > still do what they want for the basic stuff. I also put the filter on a time > limit so the guest only works from 7:45 - 4:00 during the weekday. I also put > a bandwidth limit that allows only a trickle up and down. The majority of > people use it for their iPods. Some students bring in a laptop. It works > really well. > > Dan > > Sent from my iPhone > > On Oct 21, 2010, at 9:35 AM, Ben Story <ben.st...@gmail.com> wrote: > >> In the Cisco controllers there is the concept of a lobby ambassador role. >> This person is given access to the controllers and is allowed to create a >> temporary username and password for the guest network. the guest is then >> prompted by a capture portal for those credentials along with the AUP. In >> this scenario, the school secretary or someone like that would have to give >> the person access. Not great for sporting events, but during the day it >> would work well and keep the kids off the guest network. >> >> On Thu, Oct 21, 2010 at 9:16 AM, Michael T. Bendorf <bendo...@a-ccentral.us> >> wrote: >> right - sure - just MAY - but I agree that it is expected and frankly: we >> want to offer it. >> I just want to document it and have policy to point to: right now our AUP is >> written in language that assumes the user is logging into AD with assigned >> credentials. >> Public access does away with most of Authentication, Authorization, and >> Accounting (AAA.) It also seems to open a door for students to jump over to >> the public side with whatever device they have brought in to get online >> without leaving an obvious trail. The content would still be filtered, but >> the AAA is gone... >> >> >> --Michael T. Bendorf-- >> Technology Administrator >> A-C Central C.U.S.D. #262 >> Google Voice: 217.408.0043 >> >> "I'm trying to teach myself to ask the same questions that you do during >> your lectures so that I do not need you any more." >> >> A good teacher is like a candle - it consumes itself to light the way for >> others. >> >> "The computer revolution hasn't started yet. Don't be misled by the enormous >> flow of money into bad defacto standards for unsophisticated buyers using >> poor adaptations of incomplete ideas." >> - Alan Kay >> >> >> >> On Thu, Oct 21, 2010 at 9:11 AM, Bob Morse <bmo...@d168.org> wrote: >> The new e-rate rules do not mandate that if our Internet access is paid for >> by e-rate that we MUST give access to the public. >> >> -----Original Message----- >> From: tech-geeks-boun...@tech-geeks.org >> [mailto:tech-geeks-boun...@tech-geeks.org] On Behalf Of JimHays >> Sent: Thursday, October 21, 2010 8:52 AM >> To: Tech-Geeks Mailing List >> Subject: Re: [tech-geeks] Public Wireless access policy >> >> At some point we need to understand and realize that we are not in a >> corporation but we are a public service institution paid for by public >> money. With the proliferation of wireless devices - and wait until >> Christmas this year when almost EVERYONE will have either a smartphone >> or some kind of wireless Internet device - the public will expect to >> have access when they attend school events. We can't just hid behind >> our conservative, staff-only, policies. We need to adjust with the >> times and give the public what is expected. Even USAC realizes this now >> with their new rule changes which allow public access to school networks >> paid for by E-Rate funds. (Be sure you understand those rules before >> giving public access to E-Rate funded Internet. At this time we don't >> use E-Rate to pay for our Internet so we are not governed by those rules >> even though our public access does fall under the new rules' scope.) >> >> Heath Henderson wrote: >> > We have a similar stance but have to allow people such as tri county >> special ed doing IEP work and visiting student teachers etc on at some >> > Point. I don't like it but really what is stopping them from jacking into >> a port on the network and getting physical access that way. Lesser of the >> unhook of a cable is easier for me to deal with. >> > >> > -Heath Henderson >> > >> > On Oct 21, 2010, at 7:17 AM, Dan Ragen <dera...@gmail.com> wrote: >> > >> > >> >> While I don't have a District wide or School wide wireless system the >> >> access points i do have a re for >> >> District personnel only. I think that you may run into trouble >> >> letting others in. Think of it this way, Would you let >> >> some one in on one of your desktops? I usually take a very >> >> conservative approach to this type of situation. >> >> >> >> >> >> On Wed, Oct 20, 2010 at 5:33 PM, Michael T. Bendorf >> >> <bendo...@a-ccentral.us> wrote: >> >> >> >>> Now that my wireless is installed (last AP fired up this afternoon) I >> have >> >>> had requests for the password to get on. >> >>> I have not provided that to anyone, but rather explained that things >> were >> >>> not ready for public access yet... >> >>> All of my district owned equipment has the PSK and can connect as though >> >>> they are hard wired...but I wonder what other districts do for public >> >>> access. For instance I had a student from the neighboring district want >> to >> >>> get online here to do some homework before practice (we co-op with this >> >>> other school.) I really felt bad saying not yet - but that is the truth >> of >> >>> it. >> >>> We have an active directory and we push out browser proxy settings via >> GPO. >> >>> Everyone must firs sign our current AUP and then they must authenticate >> with >> >>> our CIPAFilter before egressing to the Internet. I want to provide "the >> >>> public" access to a filtered Internet experience. I do not want visiting >> >>> mobile devices to access anything other than the public Internet. This >> seems >> >>> pretty strightforward, but something I have not set up before. >> >>> Even more than just the config of my HP ProCurve MSM APs/Controller my >> real >> >>> question is how do you address this from a policy point of view? Do you >> have >> >>> a separate document? Do you ask guests to sign something? Click on >> >>> something? Is it part of your general AUP? etc?.?.?. >> >>> >> >>> --Michael T. Bendorf-- >> >>> Technology Administrator >> >>> A-C Central C.U.S.D. #262 >> >>> Google Voice: 217.408.0043 >> >>> "I'm trying to teach myself to ask the same questions that you do during >> >>> your lectures so that I do not need you any more." >> >>> >> >>> A good teacher is like a candle - it consumes itself to light the way >> for >> >>> others. >> >>> >> >>> "The computer revolution hasn't started yet. Don't be misled by the >> enormous >> >>> flow of money into bad defacto standards for unsophisticated buyers >> using >> >>> poor adaptations of incomplete ideas." >> >>> - Alan Kay >> >>> >> >>> | Subscription info at http://www.tech-geeks.org | >> >>> >> >>> >> >> >> >> -- >> >> Daniel E. Ragen >> >> District Technology Coordinator >> >> Dupo CUSD 196 >> >> 600 Louisa Ave >> >> Dupo, IL 62239 >> >> Phone - 618-286-3214 x2141 >> >> dra...@dupo.stclair.k12.il.us >> >> >> >> ''Life's tough ... it's even tougher if you're stupid." >> >> - John Wayne >> >> | Subscription info at http://www.tech-geeks.org | >> >> >> > | Subscription info at http://www.tech-geeks.org | >> > >> >> | Subscription info at http://www.tech-geeks.org | >> >> >> | Subscription info at http://www.tech-geeks.org | >> >> >> | Subscription info at http://www.tech-geeks.org | >> >> >> >> -- >> -- >> Ben Story >> CCSP, CCNA, CCNA Wireless, CCDA >> ben.st...@gmail.com >> >> "You cannot escape the responsibility of tomorrow by evading it today. -- >> Abraham Lincoln > >> | Subscription info at http://www.tech-geeks.org | > > | Subscription info at http://www.tech-geeks.org | > > > | Subscription info at http://www.tech-geeks.org | > > | Subscription info at http://www.tech-geeks.org |
| Subscription info at http://www.tech-geeks.org |
