Trying to connect to a wireless network validating identity
These solutions are pretty complex, So if you need some assistance, you can CONTACT US here for free help from one of our consultants. We’ve also got some free resources on our site that will help point you in the right direction.If you have a problem connecting to eduroam please follow the below instructions to manually add eduroam.
It is trivial (and in some cases entirely free) for an attacker to get a valid certificate from a public CA that can match the hostname of the attacker's own "authentication server." If specific hostnames for the authentication servers are not configured in the EAP supplicant (and they often are not or can't be), then even if the designated CA is configured and is a public CA, the attack just needs to get their certificate from the same public CA. An attacker will have a much more difficult time getting a valid certificate issued from the private CA of the school and if that private CA is the only designated CA in the EAP supplicant, then it makes it very difficult for an attacker to pretend to be the real wireless network and capture credentials for those clients.I apologize for being redundant, but this is the key point.Since the EAP supplicant isn't connected to a network before deciding to pass along your username/password, it is limited in the information it can use to make this decision.Guest: This user can only access the internet and check email.So there you have it, those are the things that a true NAC solution should do on your wireless network.
Network Access Control or NAC, is one of the terms that if I polled 20 Secur Edge clients, most of them would have a different way to define NAC.