advisory

Advisory issued by eduroam.OT 08/04/2014. It has come to our attention that there are vulnerabilities in the relatively new 1.0.1 series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS-enabled services via a heartbeat extension. While there are no indications that this affects TLS-based EAP mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational team has made the decision to upgrade OpenSSL to versions implementing a fix for CVE-2014-0160
May 2014 - 15/05/2014. This advisory is relevant to ALL Visited (SP) service organisations participating in eduroam in the UK. It describes the recommendation, which will be included in the next revision of the Technical Specification, to filter out bad and doomed authentication requests containing malformed or 'homeless' usernames in order to reduce unnecessary loading of the national proxy servers.
31 March 2021 at 9:54pm
This advisory has moved to: https://community.jisc.ac.uk/library/janet-services-documentation/advisory-openssl-tls-heartbleed-vulnerability/
October 2012 (3/10/2012). Updated 2/11/2023. This advisory is relevant to ALL Home (IdP) service organisations participating in eduroam in the UK. It describes the use of RadSec at national proxy level, how this can benefit the individual user and what eduroam organisations must do in order to gain these benefits. **This Advisory Remains in Force - it is Applicable to the Current Date** Originator: Alan Buxey
15 January 2013 at 3:46pm
This advisory is relevant to all participants in the UK providing the eduroam federated service historically known as the Janet Roaming Service. Organisations are requested to review their service-related web material. 9/01/2013
31 March 2021 at 10:52pm
This advisory has moved to: https://community.jisc.ac.uk/library/janet-services-documentation/advisory-improving-efficiency-international-authentication
31 March 2021 at 9:42pm
This advisory has been moved to: https://community.jisc.ac.uk/library/janet-services-documentation/advisory-freeradius-21101112-security
Anonymous
Scott Armitage is a member of the IT Services department at Loughborough University and works within the Network & Security Team. Scott has been one of the key people responsible for the deployment and management of wireless networking at Loughborough and is also heavily involved in deploying 802.1X on the wired network. Recently he has also been contracted to JANET(UK) as an advisor for the newly created Wireless Technology Advisory Service (WTAS).
Anonymous
Operating System Support: Currently, client devices pose the largest potential problem when deploying 802.1X. Whilst modern operating systems such as Microsoft® Windows Vista/XP®, Mac OS X® 10.4/10.5 and Linux® natively support 802.1X, older operating systems such as Microsoft® Windows 98/ME® do not. Additionally, there are many other devices on the network which do not support 802.1X, such as printers, network music players, desktop hubs/switches, and the current iPhone (Firmware 1.1.4). Workarounds must be found if these devices are to continue functioning on the network.