We use Vernier edgewalls and force guest users to register a username and password. Once their machine is scanned and determined 'complient' we allow all IP out to the Internet. We have been running in this way for about 8 months and have not had a problem.
Jeff McIntyre Network Systems Administrator II St. John Fisher College Phone-585-385-8020 -----Original Message----- From: Simon Kissler [mailto:[EMAIL PROTECTED] Sent: Friday, March 31, 2006 9:10 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Guest access Ok, I have to ask the question that's been sitting on my mind for a while now. All the places that essentially allow unauthenticated wireless (including asking for an e-mail that anybody could easily just put [EMAIL PROTECTED]): How do you deal with abuse ? I realize that your choice of protocols likely limits the options, but it's still quite viable (for example posting of content to a message board, blog comment, or other public space that triggers legal or law enforcement response) ? Many of the safe harbor provisions protecting us legally are predicated on our ability to "point the finger" at the real offender. If we're unable to do so, we automatically become liable for the actions. How do you track down misbehaving guest users ? -S On Fri, 31 Mar 2006, Joyce, Todd N wrote: > > We allow these services for Guest Wireless Access and we are working to > allow VPN to the outside. > > > > DNS - UDP 53 > > HTTP - TCP 80 > > HTTPS - TCP 443 > > > > > > Todd Joyce > Network Services > Radford University - The Smart Choice > [EMAIL PROTECTED] > (540) 831-7777 > > > > Keep your boots and ChapStick and ice hotels. > > Give me shorts and sandals and a thirty-blocker. > > > > Temperance Brennan - Monday Mourning > > > > ________________________________ > > From: Entwistle, Bruce [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 30, 2006 7:33 PM > To: [email protected] > Subject: [WIRELESS-LAN] Guest access > > > > We have recently installed a wireless network on a portion of the > campus. The student and administrators are all authenticated through a > front end device which validates user accounts against an LDAP server > running on a domain controller. However we now have the requirement > for guests of the campus to connect to the wireless network. We have > some ideas how we would like to handle this issue but are curious as to > what others have done to accommodate these guest connections. Please > let me know. > > > > Thank you > > Bruce Entwistle > > Network Manager > > University of Redlands > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > ------------------------------------------------------------------------ ------- Simon Kissler [EMAIL PROTECTED] UNIX Systems Administrator Phone: (219) 464 6773 Electronic Information Services Fax : (219) 464 5381 Valparaiso University Kretzmann Hall B22 Valparaiso, IN 46383 ------------------------------------------------------------------------ ------- "They may forget what you said, but they will never forget how you made them feel." -Carl W. Buechner ------------------------------------------------------------------------ ------- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
