Educause Security Discussion mailing list archives

Re: Fwd: bit OT -- Wifi technology


From: Daniel Bennett <dbennett () PCT EDU>
Date: Fri, 3 Sep 2010 11:30:30 +0000

I feel your pain!  We have gone through the certificate update every year for the past 3.  We are a WPA2 Enterprise, 
802.1X, PEAP wireless as well.  This year I just simply bought a 4 year certificate so we don't need to worry about 
this headache for 4 more years.

All we could really do is test the devices and operating systems we have and notify the help desk of the change in 
certificate.  We had to create a separate, more restricted, SSID for mobile devices that did not support our secure 
wireless.


Daniel Bennett
IT Security Analyst
Pennsylvania College of Technology
P:570.329.4989
E:dbennett () pct edu



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barry Lynam
Sent: Thursday, September 02, 2010 6:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fwd: bit OT -- Wifi technology

Hi,

Can't really comment on the Cisco infrastructure etc. but I'm interested in
hearing about certificate issues.  Each year when the certificate expires
and requires changing, we go through a huge amount of pain testing devices
just to see how they will behave so the helpdesk knows what to expect.  Do
others have the same issues?  Different devices with different versions of code
behave differently.

We use WEP2 enterprise, 802.1x, PEAP and some other options for auth and
encryption.

Barry




On 3/09/10 8:08 AM, "Russell Fulton" <r.fulton () AUCKLAND AC NZ> wrote:

Hi Folks

this stuff has security implications but really is not primarily a security
topic so please forgive me for taking liberties with the list.

Currently we are a Cisco shop as far as our wireless infrastructure goes --
enterprise WPA2, EAP, PEAP, authenticated via RADIUS, but are now looking at
alternatives.

One thing that we are aware of is the convergence of traditional wifi and
cellphone technology.  It seems clear that '4G' will support some form of
(more or less ?) seamless marriage of the two.  This is vitally important for
us because 3G bandwidth is extremely expensive here -- to the point where
potentially useful mobile applications are too expensive for a large sector of
our student population.  Added to this is the problem of different network
providers -- any deal struck with one provider will leave more than 50% of our
users out in the cold.  Being able to leverage our wireless network with most
phones would be a big advantage.  Many people already use iPhones this way but
this is currently not widespread enough to deliver essential services over.

The other thing that we are aware of is that the Cisco gear performs well in
some circumstances but suboptimally in others.  We wonder if we can improve
the overall performance of our wireless presence by buying APs from another
provider for some niche environments (e.g. lecture theatres and other
relatively open spaces).

And then there is the security aspect of mixing technologies/vendors.
Are there things that we should look out for?  In theory so long as we can
authenticate via one of RADIUS, Kerberos or AD we should be fine but is it
as simple as that?

So we would very much like to hear any real world experiences or of any
crystal ball gazing that others have done that might help us decide where to
go...

Thanks, Russell  

--
Barry Lynam | Information Security Manager | IT Services | QUT
Phone: +61 7 3138 9408 | Fax: +61 7 3138 2921
Postal:  Level 3, 88 Musk Ave, Kelvin Grove | GPO Box 2434 | Brisbane QLD 4001
Email: b.lynam () qut edu au | http://www.qut.edu.au/security/
CRICOS No 00213J   

