Educause Security Discussion mailing list archives

Re: 802.1X for wired ports

From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Thu, 17 Jun 2010 09:47:05 -0400

It’s just not possible without the user making the decision or having
his device configured in some secure way (which BTW applies to
websites also). Because an intruder can buy a cert for his radius
server so someone has to pick between radius.myschool.edu and
gotcha-radius.myschool.edu.

Mike


Well it would be between radius.myschool.edu and
gotcha-radius.myschooledu.com or something.. hopefully an attacker
wouldn't be able to get a valid cert under the correct domain.


Oops, you're right Justin - thanks.

Mike

Current thread:

802.1X for wired ports Entwistle, Bruce (Jun 14)
- Re: 802.1X for wired ports David Gillett (Jun 15)
  - Re: 802.1X for wired ports Russell Fulton (Jun 16)
  - Re: 802.1X for wired ports Russell Fulton (Jun 16)
    - Re: 802.1X for wired ports Mike Wiseman (Jun 17)
    - Re: 802.1X for wired ports Justin Azoff (Jun 17)
    - Re: 802.1X for wired ports Mike Wiseman (Jun 17)
- Re: 802.1X for wired ports Justin Azoff (Jun 21)
- <Possible follow-ups>
- Re: 802.1X for wired ports James R. Pardonek (Jun 17)
  - Re: 802.1X for wired ports Daniel Bennett (Jun 17)
    - Re: 802.1X for wired ports James R. Pardonek (Jun 17)