On Nov 19, 2013, at 3:05 PM, Peter P Morrissey <ppmor...@syr.edu> wrote:
> Can anyone name an application that does not have strong encryption? Search engines such as Google and Bing only encrypt data if you log into the service. Even when logged into YouTube the video stream does not appear to be encrypted. In addition to security there is also a privacy component. On an unencrypted wireless that uses a web portal a person’s data exchanged with a Bank’s website will be encrypted with TLS/SSL. However anyone watching the wireless packets can see that the person connected to the Bank’s web site since they can see the IP numbers of the TLS session. But on a wireless session protected with WPA2 a snooper can not see what sites a person visits because the IP numbers are encrypted as well. > > I'm not arguing against 802.1x, because it works very well for us as users > don't have to authenticate constantly on a portal, and we seem to do a very > good job getting them on initially, but I am having a hard time understanding > the encryption benefits lately. > > Pete Morrissey > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ken LeCompte > Sent: Tuesday, November 19, 2013 4:00 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal > > One major consideration is that the use of https for more and more webpages > is resulting in more confused users not getting redirected to captive portal > login pages. There is also the more obvious issue that client data is not > encrypted over the air, although you could argue that more and more > applications are using TLS/SSL. I do think that you are correct that captive > portal robustness has been dramatically increased with products like the > 5508, which handles a great deal more simultaneous connections than other > products before it. I also feel like captive portal security is kinder to > backend authentication servers since the authentication is typically done > once with a decent length session timeout, whereas many supplicants do tons > of reauths. > > Thanks. > > Ken > > -- > Ken LeCompte - Manager of Information Technology Central Systems and Services > Office of Information Technology Rutgers, The State University of New Jersey > Office ~ (848) 445-4823 > Facebook: http://fb.me/RUWireless > > On Nov 19, 2013, at 3:28 PM, "Ashfield, Matt (NBCC)" <matt.ashfi...@nbcc.ca> > wrote: > >> Just wondering what people's thoughts are here regarding using the Web >> Portal authentication vs 802.1x auth in your wifi networks. Obviously one >> big "pro" for 802.1x is dynamic vlan assignment based on the users's >> credentials, but certainly for web-portal the big "pro" is simplicity for >> the user. >> >> We currently use ExpressConnect to configure student devices for our 802.1x >> wifi network using certbased authentication, and while it works great 90% of >> the time, we have 10% where it's tough to get the user on for a variety of >> reasons on student owned devices. Since we provide guest access via a portal >> authentication, we inevitably get the question as to why don't we do all >> wifi auth with that? >> >> I know when I first started out, there were limitations with the # of users >> a portal auth system could support, but I don't think that's a major concern >> anymore (we are using Cisco 5508 controllers here). Just wondering what the >> thoughts are on this list. Always good input. >> >> Thanks >> >> >> >> Matt >> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II 701-231-8527 North Dakota State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
