Dave Molta



The Challenges Of Wi-Fi Guest Access

Earlier today, I was passing by a conference room in the building where I work on the Syracuse University campus. One of our business partners from a local technology incubator was sitting in the conference room working on his laptop computer, trying to make productive use of his time before a meeting. I stopped in to say hello and it didn't take long before he related his frustration about the performance of our campus wireless network. This network is well engineered for performance, but I knew immediately that he was trying to use the guest access system. Performance was indeed abysmal, reminiscent of the days of dial-up networking. Needless to say, it didn't leave our visitor, someone we very much want to spend time on campus, feeling very good about our campus information services.

It's been over 10 years since I left my position as Director of Network and System Services to work as a faculty member in the School of Information Studies. During that time, I've been pretty heavily involved in wireless networking as a technology editor and analyst and I've also worked pretty closely with our central IT Services organization as they've rolled out Wi-Fi services across campus. During the early development of this network, I lobbied hard for guest access services. We have lots of campus visitors, including vendors, guest speakers, and family of students and prospective students. Many of these visitors come to campus with Wi-Fi-equipped laptops and PDAs and they relish the opportunity to connect to the Internet while visiting. I thought the business case for providing guest access was pretty compelling and I was disappointed that my initial lobbying was met with considerable resistance from the network staff.

In an era of heightened awareness of information security issues, I guess I shouldn't have been all that surprised that some folks would find the notion of unauthenticated guest wireless access to be a little threatening. These are the same folks whose responsibility it is to remediate the security issues that often result when infected computers connect to the campus network. Information security professionals are often risk averse. Hey, you'd be a little paranoid too if you had to fix all the problems caused by malware while taking heat from management for not being more proactive. The end result is often a management technique I've long referred to as "mini-maxing." Faced with security threats, network administrators often attempt to minimize their maximum regret, to protect against worst case scenarios, even when the adverse impact, in terms of user inconvenience and lost productivity, should be readily apparent.

Once we got past the visceral reaction to open guest wireless access, we were able to hammer out a plan that seemed acceptable to all parties. By using wireless VLANs, some virtual network segmentation, and port restrictions, we were able to offer guest access to the Internet to our visitors without the need to authenticate. This was totally acceptable to campus visitors, and even though the lack of security left them somewhat vulnerable to eavesdropping, it was no different than what they would experience at Starbucks or hundreds of other open access Wi-Fi hotspots. Our more sophisticated visitors protected themselves using a VPN connection. The rest took their chances, relying on internal firewalls and application-layer security for modest protection.

Working out these arrangements required a little bit of compromise by all parties involved. In exchange for getting my way with guest access, I reluctantly agreed that it would be acceptable to throttle performance for these users, both to ensure that they didn't impact wireless performance of authorized campus users (given the small numbers of guests, I didn't think this argument had much merit) and more importantly, to discourage campus users from bypassing the secure wireless network. Given the configuration complexities of the 802.11i-based security system, that concern seemed more reasonable. We also investigated our legal liabilities (e.g., an unauthenticated guest user sending out kiddie porn, there's that mini-maxing again) and a reputable attorney advised us that it wasn't a problem.

