Educause Security Discussion mailing list archives

Re: Wireless Security


From: Daniel Bennett <dbennett () PCT EDU>
Date: Fri, 30 May 2008 07:10:51 -0400

You want to do what we are currently in the middle of doing.  We had a wide open wireless for a while and soon it is 
being converted to WPA/WPA2 and  802.1x Authentication using PEAP with MSCHAP v2.  We use Cisco APs as well and we have 
2 WiSMs that we manage them with.  It appears to be working great.  We have 2 2008 Servers running NPS for RADIUS 
authentication for 802.1x.  The only downfall that we have had is PDAs.  I think it is a compatibility issue with 
Cisco APs, WiSM, or something that PDAs that support WPA or WPA2 encryption can't authenticate.  We can get PDAs to 
associate to the APs but that is where they stop.  So to fix that problem we have a special dumbed down network for 
those with Internet Only access.

If anyone knows of any 3rd party, possibly free, PDA authentication application that would help us with 802.1x 
authentication, that would be great.  Like I said, we run a WPA/WPA2 AES encrypted wireless with 802.1x authentication 
using PEAP.

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Entwistle, Bruce
Sent: Thursday, May 29, 2008 5:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Wireless Security

We will be installing a wireless network in our on-campus residence halls this summer.  As part of the project we are 
also looking to increase security on our wireless network.  Our current security policy is that all wireless users must 
authenticate on to the network, which is controlled by our Impulse NAC.  Once connected, network access is limited by 
access lists for the VLANs.   Our current network consists of Cisco 1200 APs which are managed by a WLSE appliance.   
We are looking to go to encrypted connections, along with looking at other alternatives for authentication such as 
802.1x.  I am looking to find what others have done in similar implementations, both successes and failures, along with 
the challenges associated with such a project.

Thank you
Bruce Entwistle
Associate Director Enterprise Services
University of Redlands
