Thank you everyone for your responses and discussion. This has helped me
gather more information as we look to find a simpler solution for our students.
Kurtis Olsen
Director – Network & Telecom
Utah Valley University
800 W University Parkway
Orem, UT 84058
801-863-8000
Replies to E
I won't argue for or against TLS or for other methods without understanding the
context and use case… What fits the risk/benefit/cost profile for a particular
community or subset? Observationally, eduroam reports show only 5% of visitors
to our university utilizing TLS.
We labbed up the MITM
Hi William.
“Most need no instructions and figure it out on their own,” may not be the
virtue you think it is. How many of these users figuring it out on their own
are validating your RADIUS server certs? Self-configuration invites MiM
attacks that can harvest account credentials. It’s preci
We’ve found it’s easier for our community to onboard to our 802.1x SSID with the
native supplicant of the device, rather than download and run an installer (are
dropping the installer). Most need no instructions and figure it out on their
own.
While we offer an iPSK SSID, it is not as easy— per
I think your problem is the NAC solution... I was one of the first to deploy
campus wide NAC (2006) and then we pushed agents a few years after. The time
for NAC agents has come and gone in my mind. We have removed it from
practically every place that has it. There is one large school that s
Amen- NAC is often a solution to problems that either don't exist or that don't
warrant the weight of the NAC. These solutions are not without value per se,
but at onboarding time? Nah.
Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 S
Kurtis,
If students are using an open SSID as a general purpose wireless network, you
may want to require them to fire up a VPN session to get to trusted resources
(LMS, scheduling, bursar, etc).
Thanks,
Brad
From: The EDUCAUSE Wireless Issues Community Group Listserv
[mailto:WIRELESS-LAN@LISTS
We currently use an open network with private IP addressing that is very
limited on where it can go. Connect to SSID, open browser, go to our Cloudpath
wizard (has been replaced with appliance, but we haven't decided if we are
interested in that). Get configured for 802.1X, have a few settings t