This brings up an issue where I have philosophically wondered if mac address authentication isn’t better than 802.11x (wpa2). The reason isn’t because it guards the network better. But if one does get hacked at the point of accessing the network, the consequences are way less. One isn’t giving a way the keys to their other accounts. I know some institutions do use mac address authentication as their primary access method. It is difficult for institutions that can’t afford pricey on-boarding solutions to manage certificate lock downs. Hence, man in the middle attacks become prevalent as well.
We already use mac address authentication for devices that won’t support 802.1x. I keep wondering now if I shouldn’t make that our primary solution someday. I am curious as to what others think. Tim *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: [email protected]] *On Behalf Of *Turner, Ryan H *Sent:* Monday, October 16, 2017 6:51 AM *To:* [email protected] *Subject:* [WIRELESS-LAN] Big flaw in WPA2 https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ Ryan Turner Manager of Network Operations, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
