Educause Security Discussion mailing list archives
Re: Fwd: bit OT -- Wifi technology
From: Daniel Bennett <dbennett () PCT EDU>
Date: Fri, 3 Sep 2010 11:30:30 +0000
I feel your pain! We have gone through the certificate update every year for the past 3. We are a WPA2 Enterprise, 802.1X, PEAP wireless as well. This year I just simply bought a 4 year certificate so we don't need to worry about this headache for 4 more years. All we could really do is test the devices and operating systems we have and notify the help desk of the change in certificate. We had to create a separate, more restricted, ssid for mobile devices that did not support our secure wireless. Daniel Bennett IT Security Analyst Pennsylvania College of Technology P:570.329.4989 E:dbennett () pct edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barry Lynam Sent: Thursday, September 02, 2010 6:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fwd: bit OT -- Wifi technology Hi, Can't really comment on the cisco infrastructure etc. but I'm interested in hearing about certificate issues. Each year when the certificate expires and requires changing, we go through a huge amount of pain testing devices just to see how they will behave so the helpdesk knows what to expect. Do others have same issues? Different devices with different version of code behave differently. We use WEP2 enterprise, 802.1x, PEAP and some other options for auth and encryption. Barry On 3/09/10 8:08 AM, "Russell Fulton" <r.fulton () AUCKLAND AC NZ> wrote:
Hi Folks this stuff has security implications but really is not primarily a security topic so please forgive me for taking liberties with the list. Currently we are a cisco shop as far as our wireless infrastructure goes -- enterprise WPA2, EAP, PEAP, authenticated via radius, but are now looking at alternatives. One thing that we are aware of is the convergence of traditional wifi and cellphone technology. It seems clear that '4G' will support some form of (more or less ?) seamless marriage of the two. This is vitally important for us because 3G bandwidth is extremely expensive here -- to the point where potentially useful mobile applications are too expensive for a large sector of our student population. Added to this is the problem of different network providers -- any deal struck with one provider will leave more than 50% of our users out in the cold. Being able to leverage our wireless network with most phones would be a big advantage. Many people already use iPhones this way but is currently not widespread enough to deliver essential services over. The other thing that we are aware of is that the Cisco gear performs well in some circumstances but sub optimally in others. We wonder if we can improve the over all performance of our wireless presence by buying AP from another provider for some niche environments (e.g. lecture theatre and other relatively open spaces) And then then there is the security aspect of mixing technologies/vendors. Are there things that we should look out for? In theory so long as we can authentication via one of radius, kerberos or AD we should be fine but is it as simple as that? So we would very much like to hear any real world experiences or of any crystal ball gazing that others have done that might help us decide where to go... Thanks, Russell
-- Barry Lynam | Information Security Manager | IT Services | QUT Phone: +61 7 3138 9408 | Fax: +61 7 3138 2921 Postal: Level 3, 88 Musk Ave, Kelvin Grove | GPO Box 2434 | Brisbane QLD 4001 Email: b.lynam () qut edu au | http://www.qut.edu.au/security/ CRICOS No 00213J
Current thread:
- Fwd: bit OT -- Wifi technology Russell Fulton (Sep 02)
- Re: Fwd: bit OT -- Wifi technology Barry Lynam (Sep 02)
- Re: Fwd: bit OT -- Wifi technology Daniel Bennett (Sep 03)
- Re: Fwd: bit OT -- Wifi technology Bradley, Stephen W. Mr. (Sep 02)
- Re: Fwd: bit OT -- Wi-Fi technology Biddle, Rob (Sep 03)
- Re: Fwd: bit OT -- Wifi technology Barry Lynam (Sep 02)