Main Nav

Dear all:

Queens College, City University of New York is a public liberal arts college with over 20,000 students and 3,500 faculty and staff. 
That said, we offer wireless access all across our 77 acre campus.  To use our wireless service the student, faculty, staff, alums, guest has to provide credentials, usually their (AD Username and Password).
For guests, their e-mail address is provided and their bandwidth is throttled down providing slower Internet access.  That said our wifi is set up outside of our firewall and everyone basically has open access to the Internet. In order to use our internal applications additional authentication is required.

I want to move away from requiring any authentication as the only service our wifi is providing is direct access to the Internet. 

  1. Are there any schools offering unauthenticated wireless?
  2. Do these schools have any regulatory concerns?

I think if Starbucks can do it, airports can do it, why can't we?

Naveed Husain, CIO Queens College, CUNY
65-30 Kissena Blvd
Flushing, NY 11367
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.

Comments

Naveed,

The primary regulatory concern is CALEA.  See http://www.educause.edu/library/calea for background and compliance requirements for public networks.   We have remained private and require authentication for our wireless network.

 

=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=--=-=-=-=-=
Judi Basinski
Associate VP, Computing & Technology Services
SUNY Buffalo State
1300 Elmwood Ave. / TR206
Buffalo, NY 14222
phone: (716)  878-4611
basinsjb@buffalostate.edu

 

 

At Michigan State we operate two sets of services (each with its own SSID): one is authenticated for use by about 75,000 university faculty, staff, and students.  The other is offered as GUEST access with a click through agreement as to the proper use of the service; but its performance is otherwise unfettered.  We have not run into regulatory issues with this program.

 

Bruce Alexander

Judi,

Thank you for the response.  I thought of this too and that is why we have been requiring authentication, but why are Universities and Colleges bound by it and Starbucks and airports, train  stations, etc. are not?

Naveed,

It's not an issue of universities and colleges being bound to it and Starbucks/airports/train stations are not; they are. If you want to let yourself be categorized as a public (or non-private) network and comply with all the things that entails, you're free to do so. 


--

DAVID A. CURRY, CISSP • DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL • 55 W. 13TH STREET • NEW YORK, NY 10011

+1 212 229-5300 x4728 • david.curry@newschool.edu



All,

We too have remained a private network and require the user to authenticate.  The exceptions, per the law, are the Library and Cafe areas where Guest is turned on with only requiring an email address.  And we do not validate the email address.

We use ARUBA equipment and are planning to purchase Clearpass.  This will provide for the students, staff and faculty to authenticate/provision their wireless devices once per year instead of having to login each time to use the wireless network.

This system will also allow students taking a 'community' class. who are not registered students with a Student ID, to obtain credentials for a one day Saturday class to learn how to use an iPod, for example.  This system will allow a member of the public or press to obtain credentials from a KIOSK to use the wireless network during a Board of Trustees meeting.

Sincerely,

Sharon Luciw
Director, Networks & Client Services
ETS
Foothill-De Anza Community College District
(650) 949-6161

"Security is Everyone's Responsibility"

NOW ACTIVE:  New ETS Request Tracking System.  Go To:  etshelp.fhda.edu
Sign in using your MyPortal login name and password.


If you have questions or concerns, please contact the Call Center at (408) 864-8324




For some more context, the 2012 CDS data show that about 65% of respondents have a separate authentication process for guest access to wireless (the second bar in the graph). And 31% of respondents provide open access to the public Internet. (the fourth bar)

 

 

 

 

Anyone who completed CDS in 2012, can access the detailed information on which institutions are offering open access. Anyone who completed in 2013 will have access soon!

 

Thanks

Pam

 

Pam Arroway Senior Statistician

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 303.544.5678 | main: 303.449.4430 | educause.edu

 

 

 

Hi

FIT has implemented an Aruba solution and their policy manager (Clearpass) allows several levels of permissions.  We currently provide guest access, but we broadcast the SSID by varying use cases.

 

We’ve talked about completely eliminating any authentication from our guest network, but our concern is that anyone within range would be accessing our wireless and consuming IP addresses.  We don’t want to create a download zone allowing anyone to utilize FIT services for doing whatever they want.

 

 

Gregg Chottiner

V.P. Information Technology / CIO

Fashion Institute of Technology

(O) 212.217.3400

(M) 917.578.0059

 

Naveed,

 

I remember removing all of our ‘guest access’ computers and removing the ability for guests to use our wireless system so, that we would be deemed a ‘private’ and not a ‘public’ network – in response to the CALEA act.  We still provide access to our ‘guests’ but, it through predetermined Active Directory usernames & passwords (where the passwords change often).   This was set forth a few years ago and conditions may have changed. Of course, properly complying with an Act  versus the potential for getting auditing  for fined are two different things.  Educause took a good leadership role in this Act and has many good resources.

 

Bill

 

Bill Edgette

Executive Director

Information Technology & Services

 

 

 

... which could, of course, include illegal file sharing activity that generates DMCA takedown notices to your institution. Also, if you’re a public institution, being in competition with commercial service providers may be another factor you’d want to consider.

 

-Kent

 

--

Kent Wada

Chief Privacy Officer

Director, Strategic IT Policy

UCLA

 

 

We are located in center city with access to all forms of wireless from Starbucks (three within spitting distance of our twelve buildings to retail firms that have not restricted access to their systems. Several years ago we put an emphasis on mobility and boosted our wireless coverage throughout our buildings (and into the street). To protect us we initiated authentication and continue today. Guests have access through a changing (every 30 days) access password and ID published weekly in our online newsletter. It appears to have worked well and we have little complaint. We are planning to bolster NAC in the coming months throughout our network and move to strong password management. I do not foresee any backlash. Tom Thomas H. Carnwath | Vice President | Technology and Information Services The University of the Arts | 320 South Broad Street | Philadelphia, PA 19102 | Tel: 215-717-6440 [cid:2CC8D9BA-9185-45FC-BFCD-5F3B46773110] Need Assistance? Call Oops (215-717-6677) to get answers. OTIS will never ask for your personal information or password in an email. Never share this information with anyone. This message and any attachment may contain confidential or privileged information and is intended for the intended individual named as addressee. If you are not the intended recipient of this message, please notify the sender immediately by return email and delete this message and all attachments from your system. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be deemed unlawful. Please consider the environment before printing this email. From: Naveed Husain > Reply-To: The EDUCAUSE CIO Constituent Group Listserv > Date: Wednesday, October 23, 2013 12:08 PM To: "CIO@LISTSERV.EDUCAUSE.EDU" > Subject: [CIO] Wireless Password & Authentication Policy Dear all: Queens College, City University of New York is a public liberal arts college with over 20,000 students and 3,500 faculty and staff. That said, we offer wireless access all across our 77 acre campus. To use our wireless service the student, faculty, staff, alums, guest has to provide credentials, usually their (AD Username and Password). For guests, their e-mail address is provided and their bandwidth is throttled down providing slower Internet access. That said our wifi is set up outside of our firewall and everyone basically has open access to the Internet. In order to use our internal applications additional authentication is required. I want to move away from requiring any authentication as the only service our wifi is providing is direct access to the Internet. 1. Are there any schools offering unauthenticated wireless? 2. Do these schools have any regulatory concerns? I think if Starbucks can do it, airports can do it, why can't we? Naveed Husain, CIO Queens College, CUNY 65-30 Kissena Blvd Flushing, NY 11367 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Hi,
There are three points we considered when deliberating open access on wireless networks.

1)  Capacity
We know that we are not funded to provide unlimited wireless network capacity with high performance to the general public.  Given that, we need to make sure that our wireless network performs best for those paying the bill - our students. 

2) DMCA complaints
Under the Higher Ed Reauthorization Act, we believe we need to identify and remove from network access those people who share materials in violation of copyright, or we put our financial aid awarding status at risk.  This was reaffirmed by our legal office.  With that guideline, we need to have people authenticate to use the network in order to identify them for later copyright violations.

3)  CALEA
We recently requested a legal review of CALEA requirements and compliance, and the assigned attorney believes that this still applies and that we need to stay a "private network."   That said, the attorney also gave the opinion that certain areas of the campus could be public without compromising compliance.

We've translated those points into these practices.

We allow public access in our library, but individuals have to register and get an access account at the circulation desk.  This has helped with DMCA traps, or what I believe to be traps.  There's a certain level of the porn industry that I think makes more money through copyright settlement than through original sales (this is my personal opinion).  We've had a couple cases of people coming to our library, and using the wireless Internet to access porn in violation of the copyright of the porn.  These generate settlement letters, not the usual copyright notice letters, and the settlement dollars I've heard from these letters are extraordinarily high.  Have registered access in the library significantly reduces the porn viewing and copyright issues.

We have a golf course on campus, and there's an associated restaurant.  We pushed them to a separate commodity network connection so that they could be completely open to patrons.  That said, they recently complained to us that they had patrons come in, buy an iced tea, and sit there all day to use the network.  That drove up their costs.  They've recently put up signs saying that essentially there's a time limit for sitting there without ordering; this is a capacity management issue.

In our student center or in Meadow Brook Hall, a historical campus facility used for small meetings, we've worked out a registered guest system to handle events.

In general, the campus wireless access is limited to students, faculty, and staff, in alignment with mission, in order to manage capacity and costs.

Theresa

So there isn't one campus answer, but a variety of solutions





At Notre Dame, we recently transitioned from a closed guest network that required registration by a faculty or staff member to an open guest network that does not require any authentication.  This was driven by an increased demand for a “Starbucks-like” service on campus that provided guests with easy access to the network.

 

We addressed the capacity issue by using rate limiting.  At this time, we are not rate limiting individual connections, but the entire guest network is rate limited in aggregate to avoid having an impact on our authenticated networks.  We’ve had some serious load tests of the guest network on football weekends this fall and, other than some initial reconfiguration that we needed to make, this approach is working out well for us.

 

Theresa, we also explored the DMCA issue and, like you, feel that we must terminate access for repeat offenders.  We’ve opted to do this on a per-device basis by blocking offending MAC addresses from accessing the guest network. 

 

It is important to point out that we are a suburban campus and we don’t have many “neighbors” to speak of.  We do operate wireless networks at some of our satellite facilities in urban areas (Chicago, Rome, London, Dublin), but these are all closed, authenticated networks because we don’t want to bear the burden of providing open wireless access in that type of environment.

 

I should also note that our guest wireless network is segregated from our campus network and those on the guest network have no access to campus resources other than that provided to anyone who is located off campus.  We continue to operate a secure wireless network for members of the campus community that does provide this access.  We also run eduroam on campus and place users connecting to that network onto either the campus or guest network, depending upon whether they have an active affiliation with Notre Dame.

 

Best regards,

Mike

 

Michael J. Chapple, Ph.D.

Senior Director, IT Service Delivery

Concurrent Assistant Professor, Computer Applications

University of Notre Dame

230 IT Center   Notre Dame, IN 46556

P: 574-631-5863  |  M: 574-274-0151

mchapple@nd.edu

 

 

 

 

From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Theresa Rowe
Sent: Thursday, October 24, 2013 8:53 AM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] Wireless Password & Authentication Policy

 

Hi,
There are three points we considered when deliberating open access on wireless networks.

1)  Capacity

We know that we are not funded to provide unlimited wireless network capacity with high performance to the general public.  Given that, we need to make sure that our wireless network performs best for those paying the bill - our students. 

2) DMCA complaints

Under the Higher Ed Reauthorization Act, we believe we need to identify and remove from network access those people who share materials in violation of copyright, or we put our financial aid awarding status at risk.  This was reaffirmed by our legal office.  With that guideline, we need to have people authenticate to use the network in order to identify them for later copyright violations.

3)  CALEA

We recently requested a legal review of CALEA requirements and compliance, and the assigned attorney believes that this still applies and that we need to stay a "private network."   That said, the attorney also gave the opinion that certain areas of the campus could be public without compromising compliance.

We've translated those points into these practices.

We allow public access in our library, but individuals have to register and get an access account at the circulation desk.  This has helped with DMCA traps, or what I believe to be traps.  There's a certain level of the porn industry that I think makes more money through copyright settlement than through original sales (this is my personal opinion).  We've had a couple cases of people coming to our library, and using the wireless Internet to access porn in violation of the copyright of the porn.  These generate settlement letters, not the usual copyright notice letters, and the settlement dollars I've heard from these letters are extraordinarily high.  Have registered access in the library significantly reduces the porn viewing and copyright issues.

We have a golf course on campus, and there's an associated restaurant.  We pushed them to a separate commodity network connection so that they could be completely open to patrons.  That said, they recently complained to us that they had patrons come in, buy an iced tea, and sit there all day to use the network.  That drove up their costs.  They've recently put up signs saying that essentially there's a time limit for sitting there without ordering; this is a capacity management issue.

In our student center or in Meadow Brook Hall, a historical campus facility used for small meetings, we've worked out a registered guest system to handle events.

In general, the campus wireless access is limited to students, faculty, and staff, in alignment with mission, in order to manage capacity and costs.

Theresa

 

So there isn't one campus answer, but a variety of solutions

 

 

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.