Our traffic for public access wifi devices are on a separate vlan that is routed back through our network and in to a port on our firewall where the stateful packet inspection runs the gamut of tests (IPS, Antivirus, Content Filter, Spyware). The firewall blocks all outbound net traffic and only allows traffic in to our network destined for our webproxy filter. So the only thing public devices can do is surf the net if they enter our proxy address in to their browser. No server access is allowed on untrusted devices.
>>> "Michael T. Bendorf" <bendo...@a-ccentral.us> 10/20/2010 5:33 PM >>> Now that my wireless is installed (last AP fired up this afternoon) I have had requests for the password to get on. I have not provided that to anyone, but rather explained that things were not ready for public access yet... All of my district owned equipment has the PSK and can connect as though they are hard wired...but I wonder what other districts do for public access. For instance I had a student from the neighboring district want to get online here to do some homework before practice (we co-op with this other school.) I really felt bad saying not yet - but that is the truth of it. We have an active directory and we push out browser proxy settings via GPO. Everyone must firs sign our current AUP and then they must authenticate with our CIPAFilter before egressing to the Internet. I want to provide "the public" access to a filtered Internet experience. I do not want visiting mobile devices to access anything other than the public Internet. This seems pretty strightforward, but something I have not set up before. Even more than just the config of my HP ProCurve MSM APs/Controller my real question is how do you address this from a policy point of view? Do you have a separate document? Do you ask guests to sign something? Click on something? Is it part of your general AUP? etc?.?.?. --Michael T. Bendorf-- Technology Administrator A-C Central C.U.S.D. #262 Google Voice: 217.408.0043 "I'm trying to teach myself to ask the same questions that you do during your lectures so that I do not need you any more." A good teacher is like a candle - it consumes itself to light the way for others. "The computer revolution hasn't started yet. Don't be misled by the enormous flow of money into bad defacto standards for unsophisticated buyers using poor adaptations of incomplete ideas." - Alan Kay
| Subscription info at http://www.tech-geeks.org |
