Educause Security Discussion mailing list archives

Re: WEP

From: "Koerber, Jeff" <jkoerber () TOWSON EDU>
Date: Mon, 18 Jul 2005 09:39:57 -0400

VPN works OK, but if you lose the signal for even less than a second, you have to reauthenticate (At least with the 
Cisco VPN client).  We allow access to our VPN server on our guest network, but encourage people to connect via LEAP if 
possible.

Jeff Koerber
Field Support Coordinator 
Office of Technology Services
Towson University
Towson, MD


-----Original Message-----
From: Gaddis, Jeremy L. [mailto:jlgaddis () IVYTECH EDU] 
Sent: Friday, July 15, 2005 2:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] WEP

Hi Chad,

We never implemented WEP.  When you have to share a key between potentially hundreds or even thousands of users, it's 
no longer a secret.

We skipped WEP and opted for VPN technologies instead.  Campus access points lived on a subnet all of their own.  The 
only traffic permitted out of this subnet is 1723/TCP and GRE to a PPTP VPN server.  Once authenticated to this VPN 
server via Active Directory credentials, students have access to the Internet and (limited) internal resources -- the 
same as they would from off-campus (public web sites, etc.).  All of this is done at layers 2, 3, and 4.

Currently there are no restrictions on outgoing traffic with the exception of 25/TCP (which is filtered outbound even 
for administrative PCs).  We keep a close eye on the traffic, however, and will probably lockdown the wireless networks 
in the near future -- most likely SSH, HTTP, and HTTPS will be the only types of traffic allowed to off-campus 
destinations.

We are about to evaluate HP's Secure Access 700wl Series
(http://www.hp.com/rnd/products/wireless/700wlseries/overview.htm) to provide a more secure wireless solution and to 
provide access to internal resources to faculty and staff (who are currently subject to the same limitations as 
students on the wireless network).

-j

--
Jeremy L. Gaddis   <jlgaddis () ivytech edu>
Special Projects Manager
Computer & Technology Services
Ivy Tech State College, Bloomington
812.330.6156 (w)   812.797.6176 (m)


-----Original Message-----
From: Chad McDonald [mailto:chad.mcdonald () GCSU EDU]
Sent: Wednesday, July 13, 2005 7:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] WEP

Understanding that WEP is relatively easy to crack, how many of you have moved away from WEP as an addtional layer of 
security for your wireless networks?  What was your reasoning for doing so?
 
Thanks,
Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
478.445.4473  Office
478.454.8250 Cell
478.445.1202 Fax

Current thread:

WEP Chad McDonald (Jul 13)
- <Possible follow-ups>
- Re: WEP Dan Updegrove (Jul 13)
- Re: WEP Alt, Brandon C. (Jul 13)
- Re: WEP Christopher E. Cramer (Jul 13)
- Re: WEP Dean De Beer (Jul 13)
- Re: WEP Brenda B Gombosky (Jul 13)
- Re: WEP Penn, Blake (Jul 13)
- Re: WEP Chris Steele (Jul 13)
- Re: WEP Gaddis, Jeremy L. (Jul 15)
- Re: WEP Koerber, Jeff (Jul 18)