Library items tagged: advisory

April 2014 - 8-14/04/2014 This advisory applies to all member organisations using RADIUS systems using TLS enabled with OpenSSL. Go to: https://community.jisc.ac.uk/blogs/eduroam/document/advisory-openssl-tls...
May 2014 - 15/05/2014 This advisory is relevant to ALL Visited (SP) service organisations participating in eduroam in the UK. It describes the recommendation, which will be included in the next revision of the Technical Specification, to filter out bad and doomed authentication requests containing malformed or 'homeless' usernames in order to reduce unnecessary loading of the national proxy servers.
Anonymous
PB/INFO/067 (05/07) Security was a major requirement in the design of eduroam, to ensure that organisations that provide visitor facilities, and the guests who make use of them, are not exposed to additional risks outside their control. eduroam should present fewer risks than the existing ad hoc arrangements for guest users. This factsheet explains the security measures within eduroam and how organisations can use them to protect their own security.
Anonymous
What Overlapping Channel Problem? In the UK, the area of the wireless spectrum set aside for the use of 802.11b/g wireless networking devices is the ISM (Industrial, Scientific and Medical) band between 2.400 GHz and 2.497 GHz. In the UK this is subdivided into 13 channels of 25 MHz. In the US, only the first 11 of these channels are available – a fact with implications for UK deployments (see ‘WAG’s Advice’ below).
Anonymous
Scott Armitage is a member of the IT Services department at Loughborough University and works within the Network & Security Team. Scott has been one of the key people responsible for the deployment and management of wireless networking at Loughborough and is also heavily involved in deploying 802.1X on the wired network. Recently he has also been contracted to JANET(UK) as an advisor for the newly created Wireless Technology Advisory Service (WTAS).
Anonymous
Operating System Support Currently client devices pose the largest potential problem when deploying 802.1X. Whilst modern operating systems such as Microsoft® Windows Vista/XP®, Mac OS X® 10.4/10.5 and Linux® natively support 802.1X, older OS such as Microsoft® Windows 98/ME® do not. Additionally there are many other devices on the network which do not support 802.1X such as printers, network music player, desktop hubs/switches, and the current iPhone (Firmware 1.1.4.). Workarounds must be found if these devices are to continue functioning on the network.
Anonymous
The key component in 802.1X is the RADIUS server which is capable of AAA. There are several widely-deployed commercial RADIUS servers available: Microsoft® IAS, Cisco® ACS, Funk Steel-Belted Radius. There are also two widely deployed Open Source RADIUS servers available, FreeRADIUS and RADIATOR. FreeRADIUS is non-commercial GPL software, RADIATOR is commercial.
Anonymous
Prerequisites To deploy 802.1X within your organisation you will require suitable infrastructure capable of supporting it.
Anonymous
How 802.1X works There are three main components in the 802.1X authentication cycle:
Anonymous
022 (04/08) This document was produced to share knowledge, experience and current developments surrounding campus 802.1X implementation within the JANET community. Readers are assumed to have a basic knowledge of networking concepts and preventive security awareness. A companion technical guide Security Matters is available.