wireless/remote access (was: what are your country`s requirements for privacy in schools?)

["C. Gatzemeier" <c.gatzemeier@tu-bs.de>]

Am Friday 22 October 2004 00:12 schrieb Ben Higginbottom:

> Teaching the staff about good security practises such as alphanumeric
> passwords that are changed regularly and are never written down, coupled
> with levels of network, server side security and human monitoring will
> give you better security than a magic bullet solution.

Yep, sure. My comment was mostly about the wireless network access. What 
client devices did you have in mind?

For equipment that does not belong to (is administered by) the own 
organisation the plan for my network so far is to only allow certain services 
like a restricted https server for example.

Own wireless equipment (laptops or remote routers) would be configured to use 
the vpn to get full access to the rest of the (wired) infrastructure. So 
users can log-in at a wireless laptop or remote building's lan the same way 
they do on wired workstations. They authenticate themselves  to the auth 
server or optionally (off site and/or not connected to the net) localy.

I think MAC checks could be a good additional way in trying to detect 
inconsistencies in the local net.

Regards,
Christian