[unisog] Encrypted wireless for students
michael.holstein at csuohio.edu
Wed Aug 22 15:26:27 GMT 2007
> We need to provide easy wireless access for students, but also have to
> meet a state requirement that all wireless traffic be encrypted.
Perhaps I'm missing something, but isn't this exactly what Radius (with
EAP) and dynamic keying (TKIP) is supposed to address?
On our campus, we require 802.1x on the wireless .. works fine in
XP/Mac/*nix (although *nix requires a bit of tinkering), every user gets
a unique server-assigned encryption key that changes periodically (at
the moment, I think it's a session key, but it could be regenerated
every $n minutes, or $n bytes). We use Cisco's ACS, but it can be done
with FreeRadius (et.al.) and most any "enterprise-class" access-point.
Sure, this breaks a lot of "consumer gizmos" (notably the PSP and
iPhone) since they don't support enterprise authentication methods, but
that's not been a big issue.
Michael Holstein CISSP GCIA
Cleveland State University
More information about the unisog