[unisog] Wireless ResNet Experiences
Jim.Dillon at cusys.edu
Wed Jun 5 21:52:42 GMT 2002
While the resnet may seem like supporting PtoP for the kiddies, you should
take some care in considering the type of protections and warnings
(policies, information, orientation) you will provide each participant,
particularly if your institution is one of those that requires students to
live on campus their freshman year and/or uses SS# for student ID. Now you
are dealing with student information and you may be seen as not taking due
care if you don't make some efforts to protect your wireless (or wired)
network or "disclaim" the weaknesses of it.
Unfortunately this may mean that VPNs or secure client software for everyone
involved might be necessary. I don't know of any case yet where someone has
claimed that the provided infrastructure was not sufficient to meet their
privacy (FERPA?) rights/expectations, but you may wish to consider what
communications or what infrastructure will protect you from that
potentiality. If I (Joe student) had to live in the dorm, and my option was
wireless, but there was no protection and my info/SS# got snagged and
misused, you might become the scapegoat. I wouldn't be too hasty to give up
on MAC registration, but I can't say it is necessary either.
Just some words of mild warning and consideration in an environment of ever
increasing privacy expectations. It is good diligence to be able to
demonstrate some careful consideration of the potential consequences and
justification for your eventual choice. (Of course it's frightfully bad to
be diligent and then ignore the consequences, so...)
Jim Dillon, CISA
IT Audit Manager
jim.dillon at cusys.edu
Dept. Phone: 303-492-9730
From: William Diehl III [mailto:willdieh at lasierra.edu]
Sent: Wednesday, June 05, 2002 10:16 AM
To: unisog at sans.org
Subject: [unisog] Wireless ResNet Experiences
Our university has recently decided to re-open one of its abandoned
dormitories next fall and has asked that it be wired for ethernet (resnet).
Rather than installing 240 new connections, I was considering making it a
The main advantages would be lower installation costs and overall ease of
installation (the building is very old and has NO conduit).
Anyone have any experience/comment on this type of idea?
The main issues I see are related to EUA enforcement - we would need some
system of validating EUA agreements before activation. For our other
dormitories, we have a paper form which leads to port activation via SNMP. I
certainly don't want to have to keep track of everyone's MAC addresses.
La Sierra University