[Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

Beth Muramoto
Now that AirBears has retired and CalVisitor is being recommended for general web surfing where encryption isn't an issue, I wondered about short term guests who are here for more than a couple of days or for a month maximum who are not getting CalNet IDs (or getting affiliate status) to create AirBears2 keys, but are, for example, logging into email servers from home institutions, some in other countries. Isn't using CalVisitor, which isn't encrypted, ill advised to recommend?

Also, it wasn't clear whether the AirBears guest account option is still an available option. I've assumed that it went away with AirBears, but I still see the link at the site. We have created 7 day guest accounts for guests coming for meetings here. Also, it sounds like the CalNet sponsorship option doesn't give AirBears2 access.

Just wanted to know how all of you are handling these temporary wifi access situations.

Thanks as always for your perspective.

Beth


--
***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  (510) 643-0203 
Fax:  (510) 643-6239

“Finish each day and be done with it. You have done what you could. Some blunders and absurdities have crept in – forget them as soon as you can. Tomorrow is a new day. You shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.”
                            -Emerson

This is the essence of forgiveness. You can't change what happened but you can make sure it doesn't have the power to prevent you from being happy tomorrow.
                           
                             -Paul Boese

“Kind words do not cost much yet they accomplish much.” 

                            -Blaise Pascal


***********************************************


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

Charles Lam
Beth,

If you have access to a Special Purpose Account (SPA), you can use it to log in to AB2.  I recently used a newly created SPA for some external auditors who needed access to their own VPN server.

Below are instructions copied strict from CSS-IT's wiki:

Step-by-step guide

  1. Go to the Manage My Keys page http://idc.berkeley.edu/mmk
  2. You can log in one of 2 ways:
    1. username: spa account name+calnetid (ex: spa-econhelp+mycalnetid, password is personal calnet passphrase of client
    2. username: +calnetid, password is personal calnet passphrase. This will bring up a list of accounts and allow the person to choose the departmental account.
  3. Once logged in, set your AirBears2 key as usual

When logging into AirBears2, use the following:

username: spa account name (ex: spa-econhelp)

password: AirBears2 key you just defined 


Charles Lam
Tech Lead - Lower Bancroft (Zone 4)
Campus Shared Services IT
University of California, Berkeley

To request IT services, please choose one of the three methods below:
1. Call us at (510) 664-9000, option 1 – fastest method!
2. E-mail us at [hidden email]
3. Submit a ticket


On Tue, Sep 15, 2015 at 7:57 AM, Beth Muramoto <[hidden email]> wrote:
Now that AirBears has retired and CalVisitor is being recommended for general web surfing where encryption isn't an issue, I wondered about short term guests who are here for more than a couple of days or for a month maximum who are not getting CalNet IDs (or getting affiliate status) to create AirBears2 keys, but are, for example, logging into email servers from home institutions, some in other countries. Isn't using CalVisitor, which isn't encrypted, ill advised to recommend?

Also, it wasn't clear whether the AirBears guest account option is still an available option. I've assumed that it went away with AirBears, but I still see the link at the site. We have created 7 day guest accounts for guests coming for meetings here. Also, it sounds like the CalNet sponsorship option doesn't give AirBears2 access.

Just wanted to know how all of you are handling these temporary wifi access situations.

Thanks as always for your perspective.

Beth


--
***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  <a href="tel:%28510%29%20643-0203" value="+15106430203" target="_blank">(510) 643-0203 
Fax:  <a href="tel:%28510%29%20643-6239" value="+15106436239" target="_blank">(510) 643-6239

“Finish each day and be done with it. You have done what you could. Some blunders and absurdities have crept in – forget them as soon as you can. Tomorrow is a new day. You shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.”
                            -Emerson

This is the essence of forgiveness. You can't change what happened but you can make sure it doesn't have the power to prevent you from being happy tomorrow.
                           
                             -Paul Boese

“Kind words do not cost much yet they accomplish much.” 

                            -Blaise Pascal


***********************************************



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

Beth Muramoto
Charles,

This is COOL! I'm just learning the various ways I can use our departmental spa accounts for access like this so thanks for educating me on another one. We have Airs that get checked out on loan and I was just pondering how to get them onto AirBears2 without using a person CalNet ID. Your idea was brilliant.

Would distributing a departmental account or creating one to create an associated AirBears2 key to disseminate to guests for their laptops etc. make sense as a strategy for the need for encrypted wifi access?

Beth

On Tue, Sep 15, 2015 at 8:04 AM, Charles Lam <[hidden email]> wrote:
Beth,

If you have access to a Special Purpose Account (SPA), you can use it to log in to AB2.  I recently used a newly created SPA for some external auditors who needed access to their own VPN server.

Below are instructions copied strict from CSS-IT's wiki:

Step-by-step guide

  1. Go to the Manage My Keys page http://idc.berkeley.edu/mmk
  2. You can log in one of 2 ways:
    1. username: spa account name+calnetid (ex: spa-econhelp+mycalnetid, password is personal calnet passphrase of client
    2. username: +calnetid, password is personal calnet passphrase. This will bring up a list of accounts and allow the person to choose the departmental account.
  3. Once logged in, set your AirBears2 key as usual

When logging into AirBears2, use the following:

username: spa account name (ex: spa-econhelp)

password: AirBears2 key you just defined 


Charles Lam
Tech Lead - Lower Bancroft (Zone 4)
Campus Shared Services IT
University of California, Berkeley

To request IT services, please choose one of the three methods below:
1. Call us at <a href="tel:%28510%29%20664-9000" value="+15106649000" target="_blank">(510) 664-9000, option 1 – fastest method!
2. E-mail us at [hidden email]
3. Submit a ticket


On Tue, Sep 15, 2015 at 7:57 AM, Beth Muramoto <[hidden email]> wrote:
Now that AirBears has retired and CalVisitor is being recommended for general web surfing where encryption isn't an issue, I wondered about short term guests who are here for more than a couple of days or for a month maximum who are not getting CalNet IDs (or getting affiliate status) to create AirBears2 keys, but are, for example, logging into email servers from home institutions, some in other countries. Isn't using CalVisitor, which isn't encrypted, ill advised to recommend?

Also, it wasn't clear whether the AirBears guest account option is still an available option. I've assumed that it went away with AirBears, but I still see the link at the site. We have created 7 day guest accounts for guests coming for meetings here. Also, it sounds like the CalNet sponsorship option doesn't give AirBears2 access.

Just wanted to know how all of you are handling these temporary wifi access situations.

Thanks as always for your perspective.

Beth


--
***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  <a href="tel:%28510%29%20643-0203" value="+15106430203" target="_blank">(510) 643-0203 
Fax:  <a href="tel:%28510%29%20643-6239" value="+15106436239" target="_blank">(510) 643-6239

“Finish each day and be done with it. You have done what you could. Some blunders and absurdities have crept in – forget them as soon as you can. Tomorrow is a new day. You shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.”
                            -Emerson

This is the essence of forgiveness. You can't change what happened but you can make sure it doesn't have the power to prevent you from being happy tomorrow.
                           
                             -Paul Boese

“Kind words do not cost much yet they accomplish much.” 

                            -Blaise Pascal


***********************************************



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.





--
***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  (510) 643-0203 
Fax:  (510) 643-6239

“Finish each day and be done with it. You have done what you could. Some blunders and absurdities have crept in – forget them as soon as you can. Tomorrow is a new day. You shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.”
                            -Emerson

This is the essence of forgiveness. You can't change what happened but you can make sure it doesn't have the power to prevent you from being happy tomorrow.
                           
                             -Paul Boese

“Kind words do not cost much yet they accomplish much.” 

                            -Blaise Pascal


***********************************************


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

Graham Patterson

It is reasonable for departmental assets. An SPA account has many of the
rights of a real person, and an AirBears2 key is one of them. I use an
SPA account on one of our Android Players for our Navori display manager
so that it can get AirBears. Useful to be able to hook up a screen
anywhere in wireless range and get full digital signage control.

One area where you may need to plan ahead is if you have a lot of
devices - you do not want them all booted off the network because one
device caused the account to be blocked for wireless service.

I would not put an SPA account on non-university equipment.

Graham


On 9/15/15 9:12 AM, Beth Muramoto wrote:

> Charles,
>
> This is COOL! I'm just learning the various ways I can use our
> departmental spa accounts for access like this so thanks for educating
> me on another one. We have Airs that get checked out on loan and I was
> just pondering how to get them onto AirBears2 without using a person
> CalNet ID. Your idea was brilliant.
>
> Would distributing a departmental account or creating one to create an
> associated AirBears2 key to disseminate to guests for their laptops etc.
> make sense as a strategy for the need for encrypted wifi access?
>
> Beth
>
> On Tue, Sep 15, 2015 at 8:04 AM, Charles Lam <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Beth,
>
>     If you have access to a Special Purpose Account (SPA), you can use
>     it to log in to AB2.  I recently used a newly created SPA for some
>     external auditors who needed access to their own VPN server.
>
>     Below are instructions copied strict from CSS-IT's wiki:
>
>
>         Step-by-step guide
>
>      1. Go to the Manage My Keys page http://idc.berkeley.edu/mmk
>      2. You can log in one of 2 ways:
>          1. username: spa account name+calnetid (ex:
>             spa-econhelp+mycalnetid, password is personal calnet
>             passphrase of client
>          2. username: +calnetid, password is personal calnet passphrase.
>             This will bring up a list of accounts and allow the person
>             to choose the departmental account.
>      3. Once logged in, set your AirBears2 key as usual
>
>     When logging into AirBears2, use the following:
>
>     username: spa account name (ex: spa-econhelp)
>
>     password: AirBears2 key you just defined
>
>
>     *Charles Lam*
>     Tech Lead - Lower Bancroft (Zone 4)
>     Campus Shared Services IT <http://sharedservices.berkeley.edu/it/>
>     University of California, Berkeley
>
>     *To request IT services, please choose one of the three methods below:
>     *
>     1. Call us at *(510) 664-9000 <tel:%28510%29%20664-9000>*, option 1
>     – */fastest method!/*
>     2. E-mail us at [hidden email] <mailto:[hidden email]>
>     3. Submit a ticket
>     <https://shared-services-help.berkeley.edu/new_ticket/it>
>
>     On Tue, Sep 15, 2015 at 7:57 AM, Beth Muramoto
>     <[hidden email] <mailto:[hidden email]>> wrote:
>
>         Now that AirBears has retired and CalVisitor is being
>         recommended for general web surfing where encryption isn't an
>         issue, I wondered about short term guests who are here for more
>         than a couple of days or for a month maximum who are not getting
>         CalNet IDs (or getting affiliate status) to create AirBears2
>         keys, but are, for example, logging into email servers from home
>         institutions, some in other countries. Isn't using CalVisitor,
>         which isn't encrypted, ill advised to recommend?
>
>         Also, it wasn't clear whether the AirBears guest account option
>         is still an available option. I've assumed that it went away
>         with AirBears, but I still see the link at the site. We have
>         created 7 day guest accounts for guests coming for meetings
>         here. Also, it sounds like the CalNet sponsorship option doesn't
>         give AirBears2 access.
>
>         Just wanted to know how all of you are handling these temporary
>         wifi access situations.
>
>         Thanks as always for your perspective.
>
>         Beth
>
>
>         --
>         ***********************************************
>         Beth Muramoto
>         Computer Resource Specialist
>         Graduate School of Education
>         University of California, Berkeley
>         1650 Tolman Hall
>         Berkeley, CA 94720
>         Email:  mailto:[hidden email] <mailto:[hidden email]>
>         Phone:  (510) 643-0203 <tel:%28510%29%20643-0203>
>         Fax:  (510) 643-6239 <tel:%28510%29%20643-6239>
>
>         “Finish each day and be done with it. You have done what you
>         could. Some blunders and absurdities have crept in – forget them
>         as soon as you can. Tomorrow is a new day. You shall begin it
>         serenely and with too high a spirit to be encumbered with your
>         old nonsense.”
>                                     -Emerson
>
>         This is the essence of forgiveness. You can't change what
>         happened but you can make sure it doesn't have the power to
>         prevent you from being happy tomorrow.
>                                    
>                                      -Paul Boese
>
>         “Kind words do not cost much yet they accomplish much.”
>
>                                     -Blaise Pascal
>
>
>         ***********************************************
>
>
>
>         -------------------------------------------------------------------------
>         The following was automatically added to this message by the
>         list server:
>
>         To learn more about Micronet, including how to subscribe to or
>         unsubscribe from its mailing list and how to find out about
>         upcoming meetings, please visit the Micronet Web site:
>
>         http://micronet.berkeley.edu
>
>         Messages you send to this mailing list are public and
>         world-viewable, and the list's archives can be browsed and
>         searched on the Internet.  This means these messages can be
>         viewed by (among others) your bosses, prospective employers, and
>         people who have known you in the past.
>
>         ANNOUNCEMENTS: To send announcements to the Micronet list,
>         please use the [hidden email]
>         <mailto:[hidden email]> list.
>
>
>
>
>
> --
> ***********************************************
> Beth Muramoto
> Computer Resource Specialist
> Graduate School of Education
> University of California, Berkeley
> 1650 Tolman Hall
> Berkeley, CA 94720
> Email:  mailto:[hidden email] <mailto:[hidden email]>
> Phone:  (510) 643-0203
> Fax:  (510) 643-6239
>
> “Finish each day and be done with it. You have done what you could. Some
> blunders and absurdities have crept in – forget them as soon as you can.
> Tomorrow is a new day. You shall begin it serenely and with too high a
> spirit to be encumbered with your old nonsense.”
>                             -Emerson
>
> This is the essence of forgiveness. You can't change what happened but
> you can make sure it doesn't have the power to prevent you from being
> happy tomorrow.
>                            
>                              -Paul Boese
>
> “Kind words do not cost much yet they accomplish much.”
>
>                             -Blaise Pascal
>
>
> ***********************************************
>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
>


--
Graham Patterson, Systems Administrator
Rm 111, Lawrence Hall of Science, UC Berkeley   510-643-1984
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - used to be the directions to my office.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

Greg Merritt
In reply to this post by Beth Muramoto
but are, for example, logging into email servers from home institutions, some in other countries.

This example would only be a giant problem if they accessed their email via non-secure protocols, right?  Is this very common any more?

-Greg



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

Beth Muramoto
In reply to this post by Graham Patterson
Thanks for your insight here, Graham. I was thinking the same about not sharing an spa account generated AirBears2 key to give guests access outside of CalVisitor for the very reasons you mentioned because guests often bring their own equipment to present with.

This still begs the question of what other alternatives are there if encryption is needed. I just now got an email about someone conducting a Saturday class with non-Berkeley attendees who need wifi access. Do you or anyone in Micronet know if the AirBears Guest Account feature still works?



On Tue, Sep 15, 2015 at 9:34 AM, Graham Patterson <[hidden email]> wrote:

It is reasonable for departmental assets. An SPA account has many of the
rights of a real person, and an AirBears2 key is one of them. I use an
SPA account on one of our Android Players for our Navori display manager
so that it can get AirBears. Useful to be able to hook up a screen
anywhere in wireless range and get full digital signage control.

One area where you may need to plan ahead is if you have a lot of
devices - you do not want them all booted off the network because one
device caused the account to be blocked for wireless service.

I would not put an SPA account on non-university equipment.

Graham


On 9/15/15 9:12 AM, Beth Muramoto wrote:
> Charles,
>
> This is COOL! I'm just learning the various ways I can use our
> departmental spa accounts for access like this so thanks for educating
> me on another one. We have Airs that get checked out on loan and I was
> just pondering how to get them onto AirBears2 without using a person
> CalNet ID. Your idea was brilliant.
>
> Would distributing a departmental account or creating one to create an
> associated AirBears2 key to disseminate to guests for their laptops etc.
> make sense as a strategy for the need for encrypted wifi access?
>
> Beth
>
> On Tue, Sep 15, 2015 at 8:04 AM, Charles Lam <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Beth,
>
>     If you have access to a Special Purpose Account (SPA), you can use
>     it to log in to AB2.  I recently used a newly created SPA for some
>     external auditors who needed access to their own VPN server.
>
>     Below are instructions copied strict from CSS-IT's wiki:
>
>
>         Step-by-step guide
>
>      1. Go to the Manage My Keys page http://idc.berkeley.edu/mmk
>      2. You can log in one of 2 ways:
>          1. username: spa account name+calnetid (ex:
>             spa-econhelp+mycalnetid, password is personal calnet
>             passphrase of client
>          2. username: +calnetid, password is personal calnet passphrase.
>             This will bring up a list of accounts and allow the person
>             to choose the departmental account.
>      3. Once logged in, set your AirBears2 key as usual
>
>     When logging into AirBears2, use the following:
>
>     username: spa account name (ex: spa-econhelp)
>
>     password: AirBears2 key you just defined
>
>
>     *Charles Lam*
>     Tech Lead - Lower Bancroft (Zone 4)
>     Campus Shared Services IT <http://sharedservices.berkeley.edu/it/>
>     University of California, Berkeley
>
>     *To request IT services, please choose one of the three methods below:
>     *
>     1. Call us at *<a href="tel:%28510%29%20664-9000" value="+15106649000">(510) 664-9000 <tel:%28510%29%20664-9000>*, option 1
>     – */fastest method!/*
>     2. E-mail us at [hidden email] <mailto:[hidden email]>
>     3. Submit a ticket
>     <https://shared-services-help.berkeley.edu/new_ticket/it>
>
>     On Tue, Sep 15, 2015 at 7:57 AM, Beth Muramoto
>     <[hidden email] <mailto:[hidden email]>> wrote:
>
>         Now that AirBears has retired and CalVisitor is being
>         recommended for general web surfing where encryption isn't an
>         issue, I wondered about short term guests who are here for more
>         than a couple of days or for a month maximum who are not getting
>         CalNet IDs (or getting affiliate status) to create AirBears2
>         keys, but are, for example, logging into email servers from home
>         institutions, some in other countries. Isn't using CalVisitor,
>         which isn't encrypted, ill advised to recommend?
>
>         Also, it wasn't clear whether the AirBears guest account option
>         is still an available option. I've assumed that it went away
>         with AirBears, but I still see the link at the site. We have
>         created 7 day guest accounts for guests coming for meetings
>         here. Also, it sounds like the CalNet sponsorship option doesn't
>         give AirBears2 access.
>
>         Just wanted to know how all of you are handling these temporary
>         wifi access situations.
>
>         Thanks as always for your perspective.
>
>         Beth
>
>
>         --
>         ***********************************************
>         Beth Muramoto
>         Computer Resource Specialist
>         Graduate School of Education
>         University of California, Berkeley
>         1650 Tolman Hall
>         Berkeley, CA 94720
>         Email:  mailto:[hidden email] <mailto:[hidden email]>
>         Phone:  <a href="tel:%28510%29%20643-0203" value="+15106430203">(510) 643-0203 <tel:%28510%29%20643-0203>
>         Fax:  <a href="tel:%28510%29%20643-6239" value="+15106436239">(510) 643-6239 <tel:%28510%29%20643-6239>
>
>         “Finish each day and be done with it. You have done what you
>         could. Some blunders and absurdities have crept in – forget them
>         as soon as you can. Tomorrow is a new day. You shall begin it
>         serenely and with too high a spirit to be encumbered with your
>         old nonsense.”
>                                     -Emerson
>
>         This is the essence of forgiveness. You can't change what
>         happened but you can make sure it doesn't have the power to
>         prevent you from being happy tomorrow.
>
>                                      -Paul Boese
>
>         “Kind words do not cost much yet they accomplish much.”
>
>                                     -Blaise Pascal
>
>
>         ***********************************************
>
>
>
>         -------------------------------------------------------------------------
>         The following was automatically added to this message by the
>         list server:
>
>         To learn more about Micronet, including how to subscribe to or
>         unsubscribe from its mailing list and how to find out about
>         upcoming meetings, please visit the Micronet Web site:
>
>         http://micronet.berkeley.edu
>
>         Messages you send to this mailing list are public and
>         world-viewable, and the list's archives can be browsed and
>         searched on the Internet.  This means these messages can be
>         viewed by (among others) your bosses, prospective employers, and
>         people who have known you in the past.
>
>         ANNOUNCEMENTS: To send announcements to the Micronet list,
>         please use the [hidden email]
>         <mailto:[hidden email]> list.
>
>
>
>
>
> --
> ***********************************************
> Beth Muramoto
> Computer Resource Specialist
> Graduate School of Education
> University of California, Berkeley
> 1650 Tolman Hall
> Berkeley, CA 94720
> Email:  mailto:[hidden email] <mailto:[hidden email]>
> Phone:  <a href="tel:%28510%29%20643-0203" value="+15106430203">(510) 643-0203
> Fax:  <a href="tel:%28510%29%20643-6239" value="+15106436239">(510) 643-6239
>
> “Finish each day and be done with it. You have done what you could. Some
> blunders and absurdities have crept in – forget them as soon as you can.
> Tomorrow is a new day. You shall begin it serenely and with too high a
> spirit to be encumbered with your old nonsense.”
>                             -Emerson
>
> This is the essence of forgiveness. You can't change what happened but
> you can make sure it doesn't have the power to prevent you from being
> happy tomorrow.
>
>                              -Paul Boese
>
> “Kind words do not cost much yet they accomplish much.”
>
>                             -Blaise Pascal
>
>
> ***********************************************
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
>


--
Graham Patterson, Systems Administrator
Rm 111, Lawrence Hall of Science, UC Berkeley   <a href="tel:510-643-1984" value="+15106431984">510-643-1984
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - used to be the directions to my office.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.



--
***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  (510) 643-0203 
Fax:  (510) 643-6239

“Finish each day and be done with it. You have done what you could. Some blunders and absurdities have crept in – forget them as soon as you can. Tomorrow is a new day. You shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.”
                            -Emerson

This is the essence of forgiveness. You can't change what happened but you can make sure it doesn't have the power to prevent you from being happy tomorrow.
                           
                             -Paul Boese

“Kind words do not cost much yet they accomplish much.” 

                            -Blaise Pascal


***********************************************


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] WiFi options for short term visitors/guests - CalVisitor not "safe" to use?

Allison Henry-2
In reply to this post by Beth Muramoto

We've discussed with the CalNet team, and would like to take the
opportunity to clarify security policies and appropriate use for various
wireless network options on the campus.

For guests without a CalNet affiliate status, there are currently two
campus wireless options, CalVisitor and eduroam.

The eduroam service is available for guests with valid accounts at
participating academic institutions, and offers the same service as
Airbears2. If security issues are detected on an eduroam host, the home
institution will be contacted, and if problems continue the offending
MAC address may be blocked from our network.

CalVisitor is a free, unencrypted wireless service available to all
campus visitors. Limited network services are allowed, though guests can
use 3rd party VPN services to gain encryption and access to other
services. When security issues are detected, the MAC address is blocked
from CalVisitor. These blocks do not expire and support/troubleshooting
is not offered.

While AirBears2 keys can be set for SPAs, it is *not* appropriate to
share these account credentials with campus guests for use on their
personal devices. SPAs are designed for campus departmental users to
share access to certain resources assigned to the department and not to
an individual. Only those authorized in the department to use the SPA
should be given access to SPA authentication keys.

The use case Graham describes, using a SPA AB2 key to connect shared
departmental devices to the wireless network, is consistent with this
policy and is appropriate. Handing out SPA AB2 keys to guests and
visitors is not, just as you would not share your personal AB2 key with
a guest.

If we detect security issues with an AB2 host using a SPA, we will
notify the SPA administrator(s). It is up to these administrators to
find the offending device using the SPA and re-mediate the issue. If
this cannot be accomplished, the SPA AB2 key will be reset and all
devices using it will lose connectivity. If problems continue we may
block the SPA from using Airbears entirely. As such, if you are sharing
AB2 keys among many devices (personal or SPA), it is important that all
of those devices are under your control and that you maintain some level
of inventory.

Also, I would encourage anyone who feels that the current needs for
wireless guest access are not being met to speak up. Letting campus
service providers know about your unmet use cases is always preferable
to quiet workarounds that may compromise security and violate campus
policies. Thanks and let us know if you have any questions,


--
Allison Henry
Security Operations Manager
Information Security and Policy
University of California, Berkeley
http://security.berkeley.edu

On 9/15/15 7:57 AM, Beth Muramoto wrote:

> Now that AirBears has retired and CalVisitor is being recommended for
> general web surfing where encryption isn't an issue, I wondered about
> short term guests who are here for more than a couple of days or for a
> month maximum who are not getting CalNet IDs (or getting affiliate
> status) to create AirBears2 keys, but are, for example, logging into
> email servers from home institutions, some in other countries. Isn't
> using CalVisitor, which isn't encrypted, ill advised to recommend?
>
> Also, it wasn't clear whether the AirBears guest account option is still
> an available option. I've assumed that it went away with AirBears, but I
> still see the link at the site. We have created 7 day guest accounts for
> guests coming for meetings here. Also, it sounds like the CalNet
> sponsorship option doesn't give AirBears2 access.
>
> Just wanted to know how all of you are handling these temporary wifi
> access situations.
>
> Thanks as always for your perspective.
>
> Beth
>
>
> --
> ***********************************************
> Beth Muramoto
> Computer Resource Specialist
> Graduate School of Education
> University of California, Berkeley
> 1650 Tolman Hall
> Berkeley, CA 94720
> Email:  mailto:[hidden email] <mailto:[hidden email]>
> Phone:  (510) 643-0203
> Fax:  (510) 643-6239
>
> “Finish each day and be done with it. You have done what you could. Some
> blunders and absurdities have crept in – forget them as soon as you can.
> Tomorrow is a new day. You shall begin it serenely and with too high a
> spirit to be encumbered with your old nonsense.”
>                             -Emerson
>
> This is the essence of forgiveness. You can't change what happened but
> you can make sure it doesn't have the power to prevent you from being
> happy tomorrow.
>                            
>                              -Paul Boese
>
> “Kind words do not cost much yet they accomplish much.”
>
>                             -Blaise Pascal
>
>
> ***********************************************
>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
>

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.