From: Patrick Nixon (PNIXON@ci.somerville.ma.us)
Date: Tue Apr 17 2001 - 14:31:55 CDT
Ahhh, see no computer gets deployed on my network without one of our techs
configuring it, and we'll know if someone is using a rogue IP address from
doing ping sweeps. If it doesn't have a DDNS name, it's a rogue or needs to
be looked at very closely to see what the problem is. Since we're not an
education system, we can strong-arm our users into a lot more wonderful
stuff :)
--Patrick
-----Original Message-----
From: Steve Hideg [mailto:hideg@saintmarys.edu]
Sent: Tuesday, April 17, 2001 2:10 PM
To: netreg@southwestern.edu
Subject: RE: NetReg: Students with more then one computer
That makes sense. Unfortunately, you're stuck with entering MAC
addresses manually. Also unfortunately, netreg (web forms in general,
actually) provides a weak assurance at best that the user actually
read the AUP (of course, the fact that they 'signed' it can be used
to hold them liable). Again, this relies on cooperation of the client
machines. That shouldn't be a problem if you're pre-configuring
machines for less savvy users, but more intelligent/malicious users
(or fathers of students who "know about computers") could easily
bypass it by manually entering an IP address.
Sigh.
Block packets by MAC address at the router (should do wonders for
throughput, eh?) or live with a few rogue systems that you may have
to track down. I feel your pain.
(How many parenthetical phrases can I use in one email message?)
++Steve
At 11:56 AM -0400 4/17/01, Patrick Nixon wrote:
>Heh, since I'm getting a couple of questions I'll detail my situation.
>
>As an entity we, like everyone else, has a AUP/Telecomm Policy. While
>providing the information in the New employee Package is 'adequate' it's
>also time consuming to push it out to all the new users as we were just
>getting Internet access widespread. We needed a way to have the users
>acceptance of the AUP be logged or prohibit them access. With some minor
>changes to netreg this is a completely plausible idea. Before we were
only
>allowing certain users out on the internet using host entries with their
mac
>addresses in dhcpd.conf. By utilizing netreg, we are forcing them to
'sign'
>the AUP with their password, logging the date and time it was 'signed' and
>then permitting them out. Unfortunately since we have a lot of legacy
>pre-technology people in our entity, not all the users are permitted to be
>on the internet. This is a policy decision and not something IT is happy
>about, but we do what we're told to.
>Also, by using netreg, it forced me to build a web interface to manage the
>MAC address and integrate it into netreg.
>
>Overall, everyone is please with the system that we devised around netreg.
>Currently we have 107 users registered, which is about 90% of our
>'authorized' users.
>
>--Patrick
>
>-----Original Message-----
>From: Peter Valian [mailto:valianp@southwestern.edu]
>Sent: Tuesday, April 17, 2001 10:47 AM
>To: netreg@southwestern.edu
>Subject: Re: NetReg: Students with more then one computer
>
>
>Patrick,
>
>Now what good would NetReg be if you already knew the users' MACs? :)
>
>-p
>
>Patrick Nixon wrote:
>>
>> While my reasoning for the solution was different from the one you have
>> below, you could build in a MAC Checking routine to only allow certain
MAC
>> Addresses to register on the network. This is something a large amount
of
>> cable companies do for their cablemodem networks. While it does add
some
>> overhead to the registration process, it is feasible and would limit the
>> accessibility of other users ports. While it is possible for another
>> student to register a machine for the multi-pc'd student, the amount of
>> effort for calling up the Campus IT department is usually beyond most
>> student's time or effort.
>>
>> Now, I don't work in the campus environment so my point of view may be
>> askew.
>>
>> --Patrick
>>
>> -----Original Message-----
>> From: Nick Ciesinski [mailto:fletch26@charter.net]
>> Sent: Monday, April 16, 2001 11:48 PM
>> To: netreg@southwestern.edu
>> Subject: NetReg: Students with more then one computer
>>
>> We have it set up right now that some of our buildings have just enough
>IP's
>> to cover each port, but not any more then that. The problem is that
some
>> students are bringing more then one PC to school with them (if not 3!).
>We
>> want to have it so a student can not have a 2nd PC in the room to help
>> reduce the possibility of exhausting the available IP's in a subnet.
Does
>> anyone know a way that this can be done?? I know I can only let a user
>> register once, but what's to stop the user from walking down that hall
and
>> asking someone without a computer for them to register the machine for
>them.
>> I am looking for a way that the user can not bypass the restriction. I
>was
>> thinking something with SNMP but couldn't think of anything that may
work.
>> I figured I would ask you to see if anyone else has any ideas.
>>
>> Thanks,
>>
>> Nick Ciesinski
>> University Wisconsin Whitewater
>> Residence Life Computing
>>
>> **********************************************************************
>> To unsubscribe from this list, send an e-mail message to
>> majordomo@southwestern.edu containing a single line with the words:
>> unsubscribe netreg
>> Send requests for assistance to: owner-netreg@southwestern.edu
>> **********************************************************************
>> **********************************************************************
>> To unsubscribe from this list, send an e-mail message to
>> majordomo@southwestern.edu containing a single line with the words:
>> unsubscribe netreg
>> Send requests for assistance to: owner-netreg@southwestern.edu
>> **********************************************************************
>
>--
>Peter Valian
>Network & Systems Administrator
>Southwestern University
>Georgetown, Texas
>512.863.1586 office
>512.863.1605 fax
>--
>**********************************************************************
>To unsubscribe from this list, send an e-mail message to
>majordomo@southwestern.edu containing a single line with the words:
>unsubscribe netreg
>Send requests for assistance to: owner-netreg@southwestern.edu
>**********************************************************************
>**********************************************************************
>To unsubscribe from this list, send an e-mail message to
>majordomo@southwestern.edu containing a single line with the words:
>unsubscribe netreg
>Send requests for assistance to: owner-netreg@southwestern.edu
>**********************************************************************
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:35 CDT