Educause Security Discussion mailing list archives
Re: Wi-Fi student administrative system
From: Jeff Holden <JHolden () MTSAC EDU>
Date: Tue, 31 Aug 2010 09:57:05 -0700
SSL isn't enough in my opinion to protect administrative systems. There have been enough weaknesses in SSL to show that it shouldn't be relied on as the only means of security. Attacks such as SSL strip are hard to detect, not to mention the MD5 collision attack that could allow someone to create a bogus CA and the null prefix attack.

Thanks,
Jeff Holden, CISSP, RHCE
Manager, Network & Data Security
Mt. San Antonio College

From: "Shalla, Kevin" <kshalla () UIC EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Date: 08/31/2010 09:50 AM
Subject: Re: [SECURITY] Wi-Fi student administrative system
Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>

Doesn't SSL protect against a hostile network in this situation? Or is it still subject to man-in-the-middle or other attacks?

On Mon, August 30, 2010 9:47 am, James Farr '05 wrote:

We are in the process of upgrading our Wi-Fi infrastructure and the topic of using Student Administrative Systems on Wi-Fi has come up. We currently only allow access limited to special circumstances and only allow connections from certain networks which are encrypted. Users want Wi-Fi; I would prefer that they wait till a hard wire connection is available. I am trying to balance usability with security, so I am wondering how others feel.

Do you allow the use of Student Administrative systems via wireless (Banner, Datatel, PeopleSoft)?

What type of protection do you use (encryption, the use of a NAC to put people in special VLANs, Citrix/SGD, other)?

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu
315-223-2386