We have 2 SSID's one that is open but blocks most insecure protocols i.e.
anything that would expose your university email and password. And a secure
WPA2 network that authenticates against our AD (students and Staff)
Basically if you can't do WPA2 then why bother trying to make something work
WPA is good but not something I'd like to rely on. Running mixed mode WPA/2
is like not running WPA2 at all so why bother?
We do offer our Juniper SSL VPN to our open network users. It is configured
to auto launch the net connect client and split tunnel only the protocols we
want to carry. It also times users out at 2 hours.
Any one using WEP is actually doing a disservice to their community as it is
providing a false sense of security as the protocol has been officially
killed:
http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf
We have a lot of users on WPA2. We provide instructions and a configurator
to our users. Though I must say really most people use the insecure wireless
as it does all they need.
---
John W. Turner
Director for Networks and Systems
Brandeis University
781-736-4569 (office)
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
