No, the solution is EAP-TLS with individual device certificates.
Bruce Osborne Senior Network Engineer Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Tim Tyler [mailto:[email protected]] Sent: Monday, October 16, 2017 9:57 AM Subject: Re: Big flaw in WPA2 This brings up an issue where I have philosophically wondered if mac address authentication isn’t better than 802.11x (wpa2). The reason isn’t because it guards the network better. But if one does get hacked at the point of accessing the network, the consequences are way less. One isn’t giving a way the keys to their other accounts. I know some institutions do use mac address authentication as their primary access method. It is difficult for institutions that can’t afford pricey on-boarding solutions to manage certificate lock downs. Hence, man in the middle attacks become prevalent as well. We already use mac address authentication for devices that won’t support 802.1x. I keep wondering now if I shouldn’t make that our primary solution someday. I am curious as to what others think. Tim From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Turner, Ryan H Sent: Monday, October 16, 2017 6:51 AM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] Big flaw in WPA2 https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ Ryan Turner Manager of Network Operations, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
