RE: [fw-wiz] Locking down public wireless access

From: Smith, Aaron (SmithA_at_byui.edu)
Date: 02/22/05

    To: "Chris Bills" <billschr@gmail.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 22 Feb 2005 11:59:58 -0700
    
    

    We've used a gateway appliance from Bluesocket.com to provide a similar
    setup. The authentication is web-based using https. It ties into our
    backend directory and provides different access based on who the user
    is. Bluesocket can also require that you make a VPN tunnel to get
    access, but we didn't like that idea.

    We don't encrypt anything because we didn't feel that protecting the
    data was worth the time it would take to manage it (do you need to
    encrypt Bobby's email to Suzy saying, "Can I borrow your notes from
    biology class?"). Application layer crypto is good enough to protect
    registration and personal data. When employees start using it, we will
    start encrypting it at the network layer.

    If you want to use the WRT54G, check out www.sveasoft.com for some
    custom firmware. They have releases that may do what you're looking
    for. Good luck,

    @@ron Smith
     

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Chris
    Bills
    Sent: Saturday, February 19, 2005 11:31 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Locking down public wireless access

    At my university, the computer science department would like to offer
    wireless access to computer science students, but would like the
    access to not be anonymous. Current problems with unrestricted access
    to the internet are obvious: anonymous kids downloading porn, movies,
    mp3s, etc., and as the university allowed this to happen, they could be
    held liable.

    Enforcing a logon policy would help limit the university's liability
    in said situations.

    Ideally, we would like to implement a system in which the user will
    connect to unencrypted wireless, but any attempts to get out will be
    redirected to the authentication page. Once the user logs in, they
    will be given the WEP key of the day, and then they will have
    unrestricted access.

    I'm investigating the usage of Linksys WRT54G routers, with a modified
    firmware, but I have no actual experience with this. I would like to
    look into other methods of doing this, as well, such as Perfigo (which
    has now been acquired by Cisco)...

    If you have any suggestions for hardware, or existing documentation
    floating on the net about how to achieve this sort of setup, please
    let me know.

    Chris
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
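
The redirect-until-login gateway described in the original question, sketched as an added example that is not from either poster or from any product named in the thread: a shell function that prints, rather than applies, iptables rules for such a gateway. The interface `wlan0`, the 192.0.2.x addresses, the chain name `portal_auth` and the MAC address are constructed values, and the sketch assumes a separate portal host that records a client's MAC after a successful HTTPS login.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a login-gated
# wireless gateway. Interface, addresses and MACs are constructed values.

# Accept only aa:bb:cc:dd:ee:ff so nothing else reaches a command line.
valid_mac() {
    [ "${#1}" -eq 17 ] &&
        printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# portal_rules IFACE PORTAL_IP DNS_IP [AUTHENTICATED_MAC...]
# IFACE and the two addresses are trusted admin configuration.
portal_rules() {
    [ "$#" -ge 3 ] || { echo "usage: portal_rules IFACE PORTAL DNS [MAC...]" >&2; return 2; }
    iface=$1 portal=$2 dns=$3
    shift 3
    # Validate every MAC first so the output is all-or-nothing.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "rejected MAC: $mac" >&2; return 1; }
    done
    # Mark packets from clients that have logged in.
    echo "iptables -t mangle -N portal_auth"
    echo "iptables -t mangle -A PREROUTING -i $iface -j portal_auth"
    for mac in "$@"; do
        echo "iptables -t mangle -A portal_auth -m mac --mac-source $mac -j MARK --set-mark 0x1"
    done
    # Unmarked web requests are sent to the portal, which serves the login page.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 80 -m mark ! --mark 0x1 -j DNAT --to-destination $portal:80"
    # Forwarding policy: logged-in clients, then DNS and the portal, then drop.
    echo "iptables -A FORWARD -i $iface -m mark --mark 0x1 -j ACCEPT"
    echo "iptables -A FORWARD -i $iface -d $dns -p udp --dport 53 -j ACCEPT"
    echo "iptables -A FORWARD -i $iface -d $portal -p tcp -m multiport --dports 80,443 -j ACCEPT"
    echo "iptables -A FORWARD -i $iface -j DROP"
}

# Constructed sample: one logged-in client on wlan0.
portal_rules wlan0 192.0.2.1 192.0.2.53 00:11:22:33:44:55
```

A MAC address is asserted by the client, so the mark ties traffic to a login for logging purposes rather than proving who is sending it.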

