Re: student wireless security model

[Philip Webster <p.webster () QUT EDU AU>]

On 31/08/10 1:05 AM, Mayne, Jim wrote:
> I am curious what security model other universities are now using for
> their student wireless networks.
>
> -      Encrypted or unencrypted
>
> -      Authentication (mac, 802.1x, web portal etc.)
>
> -      Any NAC security checks on the client

I've spoken with Jim and drawn up a quick summary of this discussion:

  Encryption:     WPA2             15
                  None (+auth)      1
                  None (VPN+NAC)    1

  Authentication: 802.1x            6
                  802.1x (PEAP)     5
                  802.1x (EAP-TLS)  1
                  Pre-shared Key    1
                  LDAP (?)          1
                  Radius (?)        1

  NAC:            Mandatory:        4
                  Optional:         1


(I've deliberately left out visitor networks.)

I'll get in touch with a few of the responders soon to see if I can
gather some more details about some of the stats (primarily: further
details about 802.1x ... assuming PEAP?; and how LDAP/Radius is being
used if not within 802.1x).

I'll update this with any further info if available.

My interest in this discussion is that we use PEAP and have found that
replacing the SSL certificate is quite difficult. The technical aspects
are straight forward, but coordinating the change and communicating the
expected outcomes to staff and students -- who can use any device they
like -- is a fairly large task.

Cheers
Phil

-- 
Philip Webster, IT Security Engineer
Queensland University of Technology
Ph: +61 7 3138 9537 | Mb: 0411 653 313 | CRICOS No. 00213J