Difference between revisions of "Virginia Tech Wifi (OLD)"
imported>Mutantmonkey (Move old EAP-TLS stuff) |
imported>Mutantmonkey (→Select a connection method) |
||
Line 32: | Line 32: | ||
The best option is [[EAP-TLS]], which provides strong, two-way authentication to ensure that neither you or the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be someonewhat involved because it requires a certificate to be installed on the device. If this is a problem, you should try [[PEAP-MSCHAPv2]] as it still provides somewhat strong authentication and allows connection to the encrypted VT-Wireless network. | The best option is [[EAP-TLS]], which provides strong, two-way authentication to ensure that neither you or the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be someonewhat involved because it requires a certificate to be installed on the device. If this is a problem, you should try [[PEAP-MSCHAPv2]] as it still provides somewhat strong authentication and allows connection to the encrypted VT-Wireless network. | ||
− | [[VT_WLAN]] is an unsecure captive portal wireless network. It requires no set up at all, but you must log in with your PID and password every time you connect. Since it is not secure, it is simple for any and all unencrypted traffic on the network to be sniffed by anyone within range and is also vulnerable to deauthentication attacks. Its use is strongly | + | [[VT_WLAN]] is an unsecure captive portal wireless network. It requires no set up at all, but you must log in with your PID and password every time you connect. Since it is not secure, it is simple for any and all unencrypted traffic on the network to be sniffed by anyone within range and is also vulnerable to deauthentication attacks. Its use is strongly discouraged. |
{| class='wikitable' width='40%' | {| class='wikitable' width='40%' |
Revision as of 21:52, 7 May 2011
Since the fall of 2008, there have been two wireless networks on campus. One network, called VT-Wireless, encrypts all traffic and is secured with EAP-TLS or PEAP-MSCHAPv2. The other network, VT_WLAN, is an unencrypted, captive portal wireless network. While connections to VT-Wireless are secure by default, and require no user authentication once set up, the EAP-TLS setup has a number of steps. In contrast, setup for VT_WLAN network is negligible, but you will be required to manually authenticate each time you connect (although this can be scripted), and your traffic will be readable to everyone.
Select a connection method
Network | Authentication | Encrypted | Setup | Support |
---|---|---|---|---|
VT-Wireless | Strong, two way (EAP-TLS) | Yes | Involved | Many devices (Laptops and Android devices) |
VT-Wireless | Good (PEAP-MSCHAPv2) | Yes | Simple | Most devices |
VT_WLAN | Weak (Captive portal) | No | Negligible | All devices |
The best option is EAP-TLS, which provides strong, two-way authentication to ensure that neither you or the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be someonewhat involved because it requires a certificate to be installed on the device. If this is a problem, you should try PEAP-MSCHAPv2 as it still provides somewhat strong authentication and allows connection to the encrypted VT-Wireless network.
VT_WLAN is an unsecure captive portal wireless network. It requires no set up at all, but you must log in with your PID and password every time you connect. Since it is not secure, it is simple for any and all unencrypted traffic on the network to be sniffed by anyone within range and is also vulnerable to deauthentication attacks. Its use is strongly discouraged.
Select a method for setup instructions | |
---|---|
EAP-TLS | PEAP-MSCHAPv2 |