Educause Security Discussion mailing list archives

Re: Fwd: bit OT -- Wifi technology


From: Barry Lynam <b.lynam () QUT EDU AU>
Date: Fri, 3 Sep 2010 08:57:22 +1000

Hi,

Can't really comment on the Cisco infrastructure etc. but I'm interested in
hearing about certificate issues.  Each year when the certificate expires
and requires changing, we go through a huge amount of pain testing devices
just to see how they will behave so the helpdesk knows what to expect.  Do
others have the same issues?  Different devices with different versions of code
behave differently.

We use WEP2 enterprise, 802.1x, PEAP and some other options for auth and
encryption.

Barry




On 3/09/10 8:08 AM, "Russell Fulton" <r.fulton () AUCKLAND AC NZ> wrote:

Hi Folks

this stuff has security implications but really is not primarily a security
topic so please forgive me for taking liberties with the list.

Currently we are a Cisco shop as far as our wireless infrastructure goes --
enterprise WPA2, EAP, PEAP, authenticated via RADIUS, but are now looking at
alternatives.

One thing that we are aware of is the convergence of traditional wifi and
cellphone technology.  It seems clear that '4G' will support some form of
(more or less ?) seamless marriage of the two.  This is vitally important for
us because 3G bandwidth is extremely expensive here -- to the point where
potentially useful mobile applications are too expensive for a large sector of
our student population.  Added to this is the problem of different network
providers -- any deal struck with one provider will leave more than 50% of our
users out in the cold.  Being able to leverage our wireless network with most
phones would be a big advantage.  Many people already use iPhones this way but
it is currently not widespread enough to deliver essential services over.

The other thing that we are aware of is that the Cisco gear performs well in
some circumstances but suboptimally in others.  We wonder if we can improve
the overall performance of our wireless presence by buying APs from another
provider for some niche environments (e.g. lecture theatre and other
relatively open spaces).

And then there is the security aspect of mixing technologies/vendors.
Are there things that we should look out for?  In theory so long as we can
authenticate via one of RADIUS, Kerberos or AD we should be fine but is it
as simple as that?

So we would very much like to hear any real world experiences or of any
crystal ball gazing that others have done that might help us decide where to
go...

Thanks, Russell  

--
Barry Lynam | Information Security Manager | IT Services | QUT
Phone: +61 7 3138 9408 | Fax: +61 7 3138 2921
Postal:  Level 3, 88 Musk Ave, Kelvin Grove | GPO Box 2434 | Brisbane QLD 4001
Email: b.lynam () qut edu au | http://www.qut.edu.au/security/
CRICOS No 00213J   

