We have been using a wide-open, broadcast SSID that is limited to Web browsing and email. If the user wants more he has to go through our VPN so we know who he is.
Because of CALEA, we are dropping this SSID by Fall. By that time, all users will be required to use WPA/WPA2. Our management has decided that older devices that cannot support WPA/WPA2 will just lose wireless access rather than put us in possible violation of CALEA. (Our legal folks have determined that we may or may not actually be covered by CALEA -- there are a lot of reasons to argue either way that are outside the scope of this discussion. However, they think that the safest course for us is to limit wireless access to faculty/staff/students only.) We will provide a way (yet to be developed) for faculty/staff to sponsor guests (ie, vendors, conference attendees, etc) and get a RADIUS account created quickly for them. The sponsor will be responsible for identifying the user and inputting sufficient information into the registration process that we would have a reasonable expectation of pointing a law enforcement agency to them. -jcw > To: [email protected] > From: Hector J Rios <[EMAIL PROTECTED]> > Subject: Re: [WIRELESS-LAN] Open Wireless in Higher Ed > Date: Wed, 26 Mar 2008 11:02:49 -0500 > Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv > <[email protected]> > > I'd be interested to hear some comments on the CALEA question as well. > > Hector > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[EMAIL PROTECTED] On Behalf Of Chris Gauthier > Sent: Wednesday, March 26, 2008 10:19 AM > To: [email protected] > Subject: Re: [WIRELESS-LAN] Open Wireless in Higher Ed > > Not intending to hijack this thread, but to supplement it, I am curious > about what other organizations are doing for CALEA compliance with > respect to wireless, especially if you're leaving open access to the > Internet. > > Thanks, > > Chris > > > > Daniel Bennett wrote: > > We are looking at technologies such as Radius, Cisco Clean Access, > etc. to require our wireless client to authenticate to our network. > Currently we have an open, unsecured wireless network. What are you > Higher Ed institutions implementing to make sure that only valid users > are using your wireless networks? If your policy is to do nothing then > please indicate that as well. > > > > Thanks > > > > Daniel R. Bennett > > CompTIA Security+ > > Information Technology Security Analyst > > Pennsylvania College of Technology > > One College Ave > > Williamsport, PA 17701 > > (P) 570.329.4989 > > > > ********** > > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > > > -- > Chris Gauthier, CCNA, Network+, A+ > Network Administration Team > Portland Community College > Portland, Oregon > > "For once you have tasted flight you will walk the earth with your eyes > turned skywards, for there you have been and there you will long to > return." > --Leonardo da Vinci > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list > can be found at http://www.educause.edu/groups/. > ------------------------------------- John Watters UA: OIT 205-348-3992 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
