We have been extremely happy with SecureW2. Outstanding support. No major issues with large amounts of TLS onboardings over several years. We moved to SecureW2 from Cloudpath ES.
Ryan Turner Manager of Network Operations ITS Communication Technologies The University of North Carolina at Chapel Hill [email protected]<mailto:[email protected]> +1 919 445 0113 Office +1 919 274 7926 Mobile From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Osborne, Bruce W (Network Operations) Sent: Wednesday, August 30, 2017 8:00 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Wireless onboarding and security posturing A few years ago we worked to move away from NAC (Bradford Campus Manager) to 801.1X authentication without NAC. We ended up purchasing Aruba ClearPass but purchased (& did not use) some OnGuard NAC licenses to appease some management that we could deploy NAC if needed. He have not needed that. We have been onboarding with the deprecated CloudPath Wizard product for several years. We are now evaluating onboarding (non-NAC) alternatives. So far the best choice appears to be SecureW2 when pricing & features are considered. I asked CloudPath ES, like Wizard has a one-time onboarding NAC-like feature. Apparently, SecureW2 had similar features but removed them due to non-use. Pricing appeatrs to be much better than Aruba’s offering. Bruce Osborne Senior Network Engineer Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Curtis L. Parish [mailto:[email protected]] Sent: Tuesday, August 29, 2017 12:08 PM Subject: Wireless onboarding and security posturing Greetings Looking for philosophy (policy?) as well as what products you are using to implement your solutions. Currently we use a NAC agent as a part of our onboarding procedure for windows computers connecting via NAC. Agents of course add a whole layer of support woes to the help desk. As the percentage (not necessarily number) of windows devices on wireless networks decreases, the effectiveness of deploying an agent seems to have decreasing returns. At the same time windows has increased their security posture over the years (nagging you to do updates and to turn on the firewall and virus protection) other devices have been added to the mix, like IOT, that have little or no protection built in. Spending so of our time supporting an agent that only protects a decreasing percentage of the devices on the network may not be the best policy. There is the argument that windows devices can cause the most problems, but do we spend the time focused on the single problem solution (windows agent) as opposed to implementing and supporting a more holistic solution that can recognize and respond to threats across platforms. We have talked to universities that run their wireless networks as wide open public access networks and choose only to defend with firewalls. We on the other end are more offensive and require user registration, NAC agents and MAC registration, along with the separation of the wireless network from the campus network. So, how do you provide and protect your wireless networks? Curtis Curtis Parish 615.494.8861 Senior Network Engineer [wordmark_web] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
