John: While WPA doesn't enjoy the use of AES, what's insecure about it? Requiring WPA2-only isolates some of those older cards, and there aren't many WPA2 implementations in VoFi phones or PDAs. At least if you have a mixed mode implementation you're encouraging people to use a layer-2 encryption, and one you reach a certain critical mass of WPA2-capable devices, you could choose to drop WPA. Schools, especially, have the benefit of a high turnover in it's most demanding user base.
Frank -----Original Message----- From: John Turner [mailto:[EMAIL PROTECTED] Sent: Friday, September 22, 2006 7:45 PM To: [email protected] Subject: Re: [WIRELESS-LAN] WPA or VPN We have 2 SSID's one that is open but blocks most insecure protocols i.e. anything that would expose your university email and password. And a secure WPA2 network that authenticates against our AD (students and Staff) Basically if you can't do WPA2 then why bother trying to make something work WPA is good but not something I'd like to rely on. Running mixed mode WPA/2 is like not running WPA2 at all so why bother? We do offer our Juniper SSL VPN to our open network users. It is configured to auto launch the net connect client and split tunnel only the protocols we want to carry. It also times users out at 2 hours. Any one using WEP is actually doing a disservice to their community as it is providing a false sense of security as the protocol has been officially killed: http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf We have a lot of users on WPA2. We provide instructions and a configurator to our users. Though I must say really most people use the insecure wireless as it does all they need. --- John W. Turner Director for Networks and Systems Brandeis University 781-736-4569 (office) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
