On January 20, 2016, Heise Verlag published an article under the headline "Eduroam network at universities: Android users should urgently install certificate", which could give the impression that the Wi-Fi in the global eduroam network is insecure. This is not the case, but the article does indirectly point out two fundamental problems:
DFN-Verein had already pointed out inadequate and faulty implementations in the Android operating system in October 2014 and also noted that only the correct use of the configuration options leads to a secure configuration. We then explained the problem in a longer article "Insecure eduroam configuration for Android devices" in the information blog.
Using the WLAN configuration instructions provided by GITZ leads to a secure eduroam configuration.
It is important to note that users can only use eduroam successfully and securely with the configurations of their respective home institution. We already pointed out the necessity of correct eduroam configurations in the DV-Koordinatoren Newsletter No. 18 and 19. It is not only users of Android operating systems who succumb to the temptation to "somehow" set up a Wi-Fi connection by "swiping and clicking" together with a user ID and password.
Even with other operating systems such as Apple iOS and Windows, users are not immune to arriving, by trial and error, at an insecure configuration that does not comply with the specifications.
In addition, a number of old devices with faulty software implementations are still in use, where users either do not install available updates, against all recommendations, or the manufacturers do not provide updates and security patches. In the latter case, only a new purchase will help.
The dangers to which users and thus also TU Braunschweig are exposed cannot be played down: In the case of devices that are not configured in accordance with our instructions or devices with faulty software implementation, attackers can intercept user IDs and passwords as well as record and evaluate the entire data traffic of the affected devices as a "man in the middle". Additional sensitization of users to this security-relevant issue is therefore highly desirable. In this respect, the attention generated by this article on the Heise Verlag website is very welcome.
Given the occasion, please refer your users to our instructions for setting up WLAN: doku.rz.tu-bs.de/doku.php.
With the SecureW2 JoinNow self-service interface, we have a simple, platform-independent solution in use that enables correct, almost automatic and, above all, secure WLAN configuration in just a few steps. For all those who still prefer to do it themselves, all the necessary parameters for a secure configuration are published on our instruction pages.