ilight/gigapop eduroam Discussion Campus Network Engineering

Similar documents
Introduction to eduroam

Guide to Configuring eduroam Using the Aruba Wireless Controller and ClearPass RADIUS

Introduction to eduroam

Configuring 802.1X Settings on the WAP351

Wireless access for Oxford University Staff on Oxfordshire NHS sites

ENHANCING PUBLIC WIFI SECURITY

802.1x Port Based Authentication

Cross-organisational roaming on wireless LANs based on the 802.1X framework Author:

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Wireless LAN Security. Gabriel Clothier

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Using PEAP and WPA PEAP Authentication Security on a Zebra Wireless Tabletop Printer

Network Security 1. Module 7 Configure Trust and Identity at Layer 2

Deliverable DJ Inter-NREN roaming technical specification document

eduroam Web Interface User Guide

ISE Primer.

Who can use eduroam. Participating Organizations. How does eduroam work

Network Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017

Aruba PEAP-GTC Supplicant Plug-In Guide

How to connect to Wi-Fi

Authentication and Security: IEEE 802.1x and protocols EAP based

Configuring L2TP over IPsec

MCSA Guide to Networking with Windows Server 2016, Exam

Zebra Mobile Printer, Zebra Setup Utility, Cisco ACS, Cisco Controller PEAP and WPA-PEAP

RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions

Network Access Flows APPENDIXB

Rhodes University Wireless Network

IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT

Your wireless network

Chapter 4 Configuring 802.1X Port Security

Microsoft NPS Configuration Guide

IMPORTANT INFORMATION FOR CURTIN WIRELESS ACCESS - STUDENT / WINDOWS XP -

Monitoring of RADIUS infrastructure

Configuring Funk Odyssey Software, Avaya AP-3 Access Point, and Avaya

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

Network Device Provisioning

Mobile WiMAX Security

Configuring the Client Adapter through Windows CE.NET

How to connect your device using eduroam

Wireless Networking (hosted at

Standard For IIUM Wireless Networking

Using EAP-TTLS and WPA EAP-TTLS Authentication Security on a Wireless Zebra Tabletop Printer

1.3 More information about eduroam is available at the relevant eduroam Service Provider (ESP) website detailed in Schedule 1 of this document.

Zebra Setup Utility, Zebra Mobile Printer, Microsoft NPS, Cisco Controller, PEAP and WPA-PEAP

Wired Dot1x Version 1.05 Configuration Guide

Exam HP2-Z33 HP Unified Wired-Wireless Networks and BYOD Version: 6.2 [ Total Questions: 65 ]

Configuring EAP-FAST CHAPTER

New Windows build with WLAN access

802.1x Configuration. FSOS 802.1X Configuration

Internet Access: Wireless WVU.Encrypted Network Connecting a Windows 7 Device

Cisco CCIE Wireless Beta Written. Download Full Version :

802.1X: Background, Theory & Implementation

EAPlab the ultimate EAP testing facility developed within the SENSE project

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo

User Databases. ACS Internal Database CHAPTER

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Setting Up Cisco SSC. Introduction CHAPTER

P ART 3. Configuring the Infrastructure

Policy User Interface Reference

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

Connecting to the Eduroam WiFi

TestsDumps. Latest Test Dumps for IT Exam Certification

Port-based authentication with IEEE Standard 802.1x. William J. Meador

COPYRIGHTED MATERIAL. Contents

Extending Services with Federated Identity Management

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

ipad in Business Security Overview

IEEE 802.1X workshop. Networkshop 34, 4 April Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association

Protected EAP (PEAP) Application Note

Connect to eduroam WiFi

802.1X: Deployment Experiences and Obstacles to Widespread Adoption

Pulse Policy Secure X Network Access Control (NAC) White Paper

TERENA Technical Report. TF-Mobility. Inter-NREN roaming. Final Report. James Sankar UKERNA Klaas Wierenga - SURFnet

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

education federation CUC 2005, Dubrovnik High-quality Internet for higher education and research

Campus Wi-Fi. Set up access to eduroam: the University Wi-Fi network

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

Exam Questions HP2-Z33

ExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Layer 2 authentication on VoIP phones (802.1x)

Office 365 and Azure Active Directory Identities In-depth

- PIX Advanced IPSEC Lab -

Certificate Enrollment for the Atlas Platform

Managing External Identity Sources

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

ACCP-V6.2Q&As. Aruba Certified Clearpass Professional v6.2. Pass Aruba ACCP-V6.2 Exam with 100% Guarantee

Preliminary selection for inter-nren roaming. Version: 1.0

Cisco Desktop Collaboration Experience DX650 Security Overview

Wireless for Windows 7

Phone Security. Phone Security. This chapter provides information about phone security.

The Most Important Facts in a Nutshell Content Security User Interface Security Infrastructure Security In Detail...

Eduroam wireless network - Mac OSX 10.5 Leopard

The challenges of (non-)openness:

Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication

11B/G Wireless Mini PCI Adapter WL533MAM User s Manual

Configuring the Client Adapter through the Windows XP Operating System

Transcription:

ilight/gigapop eduroam Discussion Campus Network Engineering By: James W. Dickerson Jr. May 10, 2017

What is eduroam?» eduroam (education roaming) is an international roaming service for users in research, higher education and further education.» Authentication of users is performed by their home institution, using the same credentials as when they access the network locally, while authorization to access the Internet and possibly other resources is handled by the visited institution.

What is eduroam?» Having started in Europe, eduroam has gained momentum throughout the research and education community and is now available in 72 territories.» The authentication of a user is carried out at their Identity Provider (IdP), using their specific authentication method.» eduroam IdPs operate a RADIUS server which is responsible for authenticating its own users, by checking the credentials against a local identity management system.

What is eduroam?» The authorization decision allowing access to the network resources upon proper authentication is done by the Service Provider (SP), typically a WiFi hotspot (University campus, etc.).» eduroam SPs operate RADIUS capable equipment like Access Points or switches (see below). Large SPs typically also deploy an own RADIUS server, which is then responsible for forwarding requests from visiting users to the respective federation RADIUS server. Upon proper authentication of a user the SP RADIUS server may assign a VLAN to the user. Small SPs which do not require VLAN assignments can connect their RADIUS equipment directly to their FLR server, if the FLR permits that mode of operation.

How Does It Work?» eduroam requires that the chosen EAP method must allow» mutual authentication (i.e. the user can verify that he is connected to "his" IdP whereever the user is» encryption of the credentials used (i.e. only the user and his IdP will see the actual credential exchange; it will be invisible to the Service Provider and all intermediate proxies)

How Does It Work?» Some popular EAP methods in use in eduroam are:» PEAP ("Protected EAP") - a Microsoft protocol that establishes a TLS tunnel, and sends usernames and passwords in MS-CHAPv2 hashes inside)» TTLS ("Tunneled TLS") - an IETF protocol that establishes a TLS tunnel, and sends usernames and passwords in multiple configurable formats inside)» TLS ("Transport Layer Security") - an IETF protocol that authenticates users and the IdP with two X.509 certificates» FAST ("Flexible Authentication via Secure Tunneling") - a Cisco protocol that establishes a TLS tunnel, and sends usernames and passwords in a custom way inside)

How Does It Work?» eduroam allows any user from an eduroam participating site to get network access at any institution connected to eduroam. Depending on local policies at the visited institutions, eduroam participants may also have additional resources at their disposal.

How Does It Work?» The user credentials are kept secure because eduroam does not share them with the site you re visiting. Instead they are forwarded to the user s home institution, where they can be verified and validated.

How Does It Work?» The system uses a network of servers run by the institutions, and the participating National Research and Education Networks (NRENs) to securely route these requests back to your home institute. All this happens seamlessly and virtually instantly all thanks to eduroam!

How Does It Work?

How Does It Work?

How Does It Work?

Advantages of Eduroam» eduroam is based on the most secure encryption and authentication standards in existence today. Its security by far exceeds typical commercial hotspots.» Be aware though that when using the general Internet at an eduroam hotspot, the local site security measures at that hotspot will apply to you as well. For example, the firewall settings at the visited place may be different from those you are used to at home, and as a guest you may have access to fewer services on the Internet than you have at home.

Advantages of Eduroam» eduroam requires the use of 802.1x which provides end-to-end encryption to ensure that your private user credentials are only available to your home institution.» The certificate of your home institution is the only point you need to trust regardless of who operates any intermediate infrastructure.

Configuration & Tools» https://wiki.geant.org/display/h2eduroam/ eduroam+set+up» https://www.eduroam.us/» https://cat.eduroam.org/

Sources» https://en.wikipedia.org/wiki/eduroam» https://www.eduroam.org/what-iseduroam/» https://www.eduroam.org/eduroamsecurity/» https://www.incommon.org/eduroam/ faq.html» https://www.eduroam.us/node/10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback