Library items tagged: advisory

Advisory: Ending of RADIUS Accounting within eduroam(UK) (May 2016)

Stefan Paetow
Wednesday, March 31, 2021 - 22:54
eduroam
advisory
May 2016 - 10/05/2016 This advisory applies to any member organisation that operates an ORPS that is configured to send RADIUS accounting packets to the NRPS. Originator: Edward Wincott Scope
Read more

Advisory: Use at least SHA-1 for RADIUS server certificates (Apr 2014)

Stefan Paetow
Wednesday, March 31, 2021 - 22:39
advisory
eduroam
md5
sha1
certificates
Buried in the historic mail archives (and likely in some older eduroam documentation) are advisories concerning the type of RADIUS certificate that eduroam(UK) participants should be using.  Basically, do not use MD5 certificates. For some time now, MD5 has been deprecated and over the past few years Operating Systems have been dropping support for such certificates. e.g. http://support.apple.com/kb/HT4999  (since iOS 5 MD5 certs are only valid for CA certs not server certs)
Read more

Advisory: Windows Mobile 8 and certificate verification (Apr 2014)

Stefan Paetow
Wednesday, March 31, 2021 - 22:35
advisory
Windows 8
certificate validation
eduroam
Announcement regarding Windows Mobile 8 and 802.1X authentication with certificate validation Best practice is that clients must be configured to trust/verify the CA that signsthe RADIUS server that presents during an 802.1X authentication - a major securitypin for eduroam is this trust/check. It has been noted that Windows Mobile 8 (WM8) devices would not authenticate the userif this 'verify' option was chosen.
Read more

Advisory: Injection of Operator-Name Attribute at the NRPSs (Oct 2018)

Edward Wincott
Friday, October 12, 2018 - 15:42
#eduroam
advisory
eduroam(UK) Advisory
eduroam(UK) Advisory: Injection of Operator-Name attribute by the NRPSs
Read more

Advisory: OpenSSL TLS Heartbleed Vulnerability

Edward Wincott
Tuesday, August 4, 2015 - 10:15
eduroam
advisory
eduroam(UK) Advisory
OpenSSL Heartbleed
Advisory issued by eduroam.OT 08/04/2014 It has come to our attention that there are vulnerabilities in the relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS enabled services via a heartbeat extension. While there are no indications that this affects TLS-based EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational team has made the decision to upgrade OpenSSL to versions implementing a fix for CVE-2014-0160
Read more

Advisory: Filtering of Invalid Realms in Auth Requests sent to the NRPS

Edward Wincott
Thursday, May 22, 2014 - 16:52
advisory
May 2014 - 15/05/2014 This advisory is relevant to ALL Visited (SP) service organisations participating in eduroam in the UK. It describes the recommendation, which will be included in the next revision of the Technical Specification, to filter out bad and doomed authentication requests containing malformed or 'homeless' usernames in order to reduce unnecessary loading of the national proxy servers.
Read more

Advisory: NAPTR records - Improving Efficiency of International Authentication through utilisation of RadSec at National Level

Edward Wincott
Tuesday, August 20, 2013 - 14:42
eduroam NAPTR record
NAPTR
advisory
eduroam
October 2012 - 3/10/2012 This advisory is relevant to ALL Home (IdP) service organisations participating in eduroam in the UK. It describes the use of RadSec at national proxy level, how this can benefit the individual user and what eduroam organisations must do in order to gain these benefits. Originator: Alan Buxey
Read more

Janet eduroam security measures

Anonymous
Thursday, February 9, 2012 - 10:11
advisory
wireless
eduroam
security
factsheet
PB/INFO/067 (05/07) Security was a major requirement in the design of eduroam, to ensure that organisations that provide visitor facilities, and the guests who make use of them, are not exposed to additional risks outside their control. eduroam should present fewer risks than the existing ad hoc arrangements for guest users. This factsheet explains the security measures within eduroam and how organisations can use them to protect their own security.
Read more

The overlapping channel problem

Anonymous
Thursday, February 2, 2012 - 11:34
advisory
wireless
overlapping channels
What Overlapping Channel Problem? In the UK, the area of the wireless spectrum set aside for the use of 802.11b/g wireless networking devices is the ISM (Industrial, Scientific and Medical) band between 2.400 GHz and 2.497 GHz. In the UK this is subdivided into 13 channels of 25 MHz. In the US, only the first 11 of these channels are available – a fact with implications for UK deployments (see ‘WAG’s Advice’ below).
Read more

Authors and contributors

Anonymous
Friday, February 17, 2012 - 11:23
advisory
wireless
IEEE 802.1x
implementation
Scott Armitage is a member of the IT Services department at Loughborough University and works within the Network & Security Team. Scott has been one of the key people responsible for the deployment and management of wireless networking at Loughborough and is also heavily involved in deploying 802.1X on the wired network. Recently he has also been contracted to JANET(UK) as an advisor for the newly created Wireless Technology Advisory Service (WTAS).
Read more