[ale] OT: laptops on a network, security

J.M. Taylor jtaylor at onlinea.com
Fri May 30 10:20:34 EDT 2003 

Good point, Jonathan, I really ought to know better about asking a vague
question like this. :) Let me see if I can collect my thoughts and
present a more specific  post.

We want to allow people to plug in their laptops. It is a political
necessity.  In most cases, the University does not provide laptops to
employees so we can consider all potential users (facutly, staff and
students) as having untrusted machines.

When a user gains access to our network using an untrusted machine, we
want to provide a limited set of functionality (web, campus printers,
and one or two specific services on specific machines).  I should think
that we want to protect our network against attacks (as much as is
feasable), and also we want to protect the world from idiots trying to
attack from our network.  Much of this is already in place for the
computer labs, and I don't know how flexible the setup would be to
accommodate different laptops being plugged in.

So my goals here are to find out
1) if other universities would share their solutions with us :)
2) what are the risks I'm not thinking of in this situation? ie, what do
I need to think of securitywise that normal precautions taken in a
computer lab can't cover (since the computer lab is a controlled OS, and
the laptops would not be).  I recognize that our options are very
limited, and that from a security perspective the outlook is pretty
grim.
3) Are there any technologies (such as RADIUS, of which I know next to
nothing of its capabilities) that I should be acquainted with that will
limit network access to authorized users, but not be machine-based?

I'm not in charge of this project, so a laundry list of further research
would be wonderful. I've never had any experience with this type of
network, so I don't even know what questions to ask (fortunately, I'm
not in charge of this project).  Thanks to all for the responses (and
the more interesting ways of dealing with repeat offenders!!).

Many thanks
jenn

Jonathan Rickman said:

>
> I suppose this all boils down to the classic security vs. practicality
> argument that can't be discounted.
...
> If I were doing an
> assessment on this professionally, I'd first want to know what your
> goals are.



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list