Library items tagged:

Janet Peering Policy

Tuesday, July 6, 2021 - 16:40

Last updated: 6th July 2021, Lesley Ford, Connectivity Product Manager Janet Public Peering Agreement Jisc Services Limited Peering Policy Jisc Services Limited (JSL) operates an open peering policy and all ISPs are invited to peer. We are present at LINX LON1, LINX LON2, LINX Manchester and IXLeeds

2021-06 Advisory: Fragmentation and Aggregation Attacks (FragAttacks)

Edward Wincott

Monday, June 14, 2021 - 10:32

#eduroam

advisory

Published: 14/06/2021 This advisory applies to all organisations providing a Visited (Wi-Fi) service. Whilst not specifically an eduroam/802.1X related issue, the FragAttacks vulnerabilities highlight the need to keep your Wi-Fi devices patched to ensure that fixes developed by your equipment vendors are applied to your infrastructure. Several vendors have been quick to respond and have released updates; you may have received direct e-mail notification.

Fast track guide to Visited-only service

Edward Wincott

Friday, June 4, 2021 - 11:05

Created 4/06/2021 Fast Track Guide to implementing an eduroam Visited-only (Wi-Fi for guest visitors) service. This document has been produced in response to the initative to encourage deployment of eduroam services alongside existing govroam services. It can nevertheless be used as guide for any organisation wishing to deliver a visitor-only service, for instance NHS Hospital Trusts, conference venues or for organisations wishing to take a first visitor-only step towards a full Home and Visited service.

Introducing eduroam Support Server 2 NWS45

Edward Wincott

Monday, May 17, 2021 - 17:20

This is the presentation given by Nik Mitev at Networkshop 45 in Nottingham on 11/04/2017, introducing Support Server 2. An overview of the portal screens and under the bonnet features and function is presented. Support Server 2 is now in production and continues to be developed in line with our ethos of continual service improvement.

2021-04 Advisory: Android 11 configuration issues, geteduroam, server certificates

Edward Wincott

Thursday, April 1, 2021 - 17:58

Released 1st April 2021 Updated 16th April 2021 This advisory applies to all organisations providing a Home (IdP) service who wish to support users on Android 11 devices. A number of issues have arisen simultaneously which have resulted in a complex situation which requires a careful response from member organisations to avoid user disappointment. The recommended actions are summarised at the bottom of this page. Contents:

Advisory: Ending of RADIUS Accounting within eduroam(UK) (May 2016)

Stefan Paetow

Wednesday, March 31, 2021 - 22:54

eduroam

advisory

May 2016 - 10/05/2016 This advisory applies to any member organisation that operates an ORPS that is configured to send RADIUS accounting packets to the NRPS. Originator: Edward Wincott Scope

Advisory: Use at least SHA-1 for RADIUS server certificates (Apr 2014)

Stefan Paetow

Wednesday, March 31, 2021 - 22:39

Buried in the historic mail archives (and likely in some older eduroam documentation) are advisories concerning the type of RADIUS certificate that eduroam(UK) participants should be using. Basically, do not use MD5 certificates. For some time now, MD5 has been deprecated and over the past few years Operating Systems have been dropping support for such certificates. e.g. http://support.apple.com/kb/HT4999 (since iOS 5 MD5 certs are only valid for CA certs not server certs)

Advisory: Windows Mobile 8 and certificate verification (Apr 2014)

Stefan Paetow

Wednesday, March 31, 2021 - 22:35

advisory

Windows 8

certificate validation

eduroam

Announcement regarding Windows Mobile 8 and 802.1X authentication with certificate validation Best practice is that clients must be configured to trust/verify the CA that signsthe RADIUS server that presents during an 802.1X authentication - a major securitypin for eduroam is this trust/check. It has been noted that Windows Mobile 8 (WM8) devices would not authenticate the userif this 'verify' option was chosen.

Advisory: Use of Status-Server (Jul 2015)

Stefan Paetow

Wednesday, March 31, 2021 - 22:22

Status-Server (RADIUS Code Type 12 packet) uses RFC 5997 - http://www.ietf.org/rfc/rfc5997.txt - to deliver a method of one RADIUS server or client to know the status of an upstream or downstream server.