Easy 802.1X Onboarding with EAPConfig files and SCAD

Enterprise networks are now well established and there exists many standards which are used to guarantee security and provide mechanisms for devices and users to attach to the LAN or WLAN. An example of this is eduroam which is built on top of IEEE 802.1X to allow academics and students from participating institutions to securely roam to networks all over the world. While eduroam has proven massively successful, the guarantee of secured roaming and access is based on the assumption that user’s devices (that is to say, their supplicants) are configured correctly and fully. While BYOD users need to configure their devices to facilitate access, it is possible to partially configure the supplicant so that access is granted but the end device is not fully secured against all methods of attack. Typical BYOD environment usually puts the burden of configuration onto users. The complexity and time involved in manually configuring some supplicants has resulted in some users only partially configuring their devices in order to obtain network access, but not fully securing themselves. Supplicant configuration automation tools such as eduroamCAT and SU1X have gone a long way to improving the laborious and confusing task of configuring a supplicant fully. But the change in distribution models for software that has arrived with smart-phones and tablets means traditional configuration tools are hard to access and obtain. We are proposing the use of EAPConfig files to standardise the means of transferring configuration information to supplicants, and SCAD as a process to aid the discovery of the EAPConfig files. This new approach will work with the traditional and new software distribution models, and improve the easy of onboarding onto enterprise networks. We have developed a android app that will be used as an example of how the EAPConfig files can be consumed and discovered automatically.

Speakers

Part of session

What's next for eduroam?

Related documents