Educause Security Discussion mailing list archives
Re: 802.1X for wired ports
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Thu, 17 Jun 2010 09:47:05 -0400
It’s just not possible without the user making the decision or having his device configured in some secure way (which BTW applies to websites also). Because an intruder can buy a cert for his radius server so someone has to pick between radius.myschool.edu and gotcha-radius.myschool.edu. MikeWell it would be between radius.myschool.edu and gotcha-radius.myschooledu.com or something.. hopefully an attacker wouldn't be able to get a valid cert under the correct domain.
Oops, you're right Justin - thanks. Mike
Current thread:
- 802.1X for wired ports Entwistle, Bruce (Jun 14)
- Re: 802.1X for wired ports David Gillett (Jun 15)
- Re: 802.1X for wired ports Russell Fulton (Jun 16)
- Re: 802.1X for wired ports Russell Fulton (Jun 16)
- Re: 802.1X for wired ports Mike Wiseman (Jun 17)
- Re: 802.1X for wired ports Justin Azoff (Jun 17)
- Re: 802.1X for wired ports Mike Wiseman (Jun 17)
- Re: 802.1X for wired ports David Gillett (Jun 15)
- <Possible follow-ups>
- Re: 802.1X for wired ports James R. Pardonek (Jun 17)
- Re: 802.1X for wired ports Daniel Bennett (Jun 17)
- Re: 802.1X for wired ports James R. Pardonek (Jun 17)
- Re: 802.1X for wired ports Daniel Bennett (Jun 17)