
IT Center Blog

Category: ‘IT-Security’

RWTH Adminrunden – The Active Exchange on University-Relevant IT Topics

November 11th, 2019 | by

Source: Own illustration

 

Communication is key – this also applies to the work of IT administrators. For this reason, the so-called RWTH Adminrunde was founded eight years ago as the successor to the successful Computertreff; it takes place regularly two to three times a year. The meetings are organized by a five-person team from various institutions and institutes of RWTH Aachen and the IT Center.

 


Data Backup on the Way to the Future

October 28th, 2019 | by

Source: Pixabay

With its central backup and restore service, the IT Center offers all institutes and institutions of RWTH Aachen the ability to back up data in versioned form and restore it reliably. This allows us to ensure that defects in computers, accidental deletion or overwriting and, for example, software errors do not lead to the loss of research data or other important data.

 


What Is a Botnet, Actually?

August 14th, 2019 | by

In last week's blog post on the SPAM wave, we briefly touched on the topic of “botnets”. In this post we explain what exactly is behind this term and how a “botnet” works.

 


No Summer Without a Wave, but a SPAM Wave?

August 7th, 2019 | by

Sorry, this entry is only available in German.

WiFi-Change at RWTH is in the Final Spurt: On July 09, 2019, the Security Certificate Expires!

June 26th, 2019 | by

 

 

A large part of the eduroam-change has already been completed at RWTH! What is still pending, however, is the conversion to a new security certificate.

 

The old security certificate for the Radius server, which is responsible for our eduroam connections, expires on July 09, 2019.

 

On June 04, 2019, we successfully changed the login to the university WiFi eduroam. Now it is only possible to connect to eduroam with generated data from the eduroam Device Manager (EGM).

 

Stay connected! Stay online and reinstall eduroam if you have not done so already!

Source: Own illustration

 

But now it’s time for you once again: “Grab your devices, reconfigure and keep on surfing!”

 

However, this only applies to those who have not yet converted according to our current instructions.

 

In our article “Safety First” we have already explained the functions of the certificate and what it is all about. It is definitely worthwhile to have a look!

 

In this article we will tell you what this means for you as an eduroam user, depending on your operating system, and, of course, how you can make the change quickly and easily according to best practice.

 

Reconfiguration – What does that mean for me?

 

For June 04, 2019, you have already successfully created access data for eduroam via the EGM and are using it. It is very possible that you have already completely reconfigured eduroam on your devices, in which case you do not have to do anything further.

 

Depending on the operating system, however, there may be differences in the new configuration. If you are familiar with the next steps, you have probably already done everything that had to be done to continue using eduroam after July 09, 2019.

 

Operating-system-specific differences are especially evident in Android and Linux compared to Windows, iOS and macOS.

 

Android and Linux #wlw

 

Android and Linux users have the possibility to select the EAP-method “PWD” when entering their EGM-access data.

 

You do not need to include a security certificate as the connection with this EAP-method in combination with the EGM-data is secure enough to withstand potential security vulnerabilities. Of course, you can also perform a manual setup. We have also documented the manual configuration for you. You can find our Android instructions here.

 

Setup with CAT-App is an alternative to the EAP-method PWD. Here the certificate is automatically downloaded in the background.

 

Windows, iOS, macOS #wlw

 

For Windows, iOS and macOS users, it is easiest to set up eduroam with the CAT app. The download takes place in the background and another click triggers the installation. You also need the EGM-access data to connect to eduroam.

 

The CAT App is a tool that is provided by the German Research Network (DFN). With a click in our manual for Windows or iOS and macOS you get directly to the landing page of the DFN. The tool automatically recognizes which operating system it is and makes configuration easy for you.

 

Comments are always welcome if you have any questions, suggestions or feedback! Are you encountering technical problems? Then contact the IT-ServiceDesk of the IT Center.

 

Until then, we wish you every success with your conversion. Stay connected! #wlw 2019 at the RWTH Aachen.

 

Responsible for this article is Nicole Filla.

 

 

 

The Security Certificate: Your Key to eduroam

May 9th, 2019 | by

 

Source: Pixabay

 

Have you ever wondered what a security certificate actually does? And why is it so important? In the following article we would like to give you answers to these questions.

 

Our university WLAN eduroam is available on the entire campus of RWTH Aachen University. Even at the end of track 2 at the main station you have a connection to the fast and secure network of the university. In total, we expect about 133,000 devices to be connected to the eduroam network.

 

But how does the secure connection to eduroam work? After all, the connection to the network takes place automatically as soon as our mobile devices detect a nearby network with the name “eduroam”.

 

What does a security certificate actually do?

 

And this is exactly where the security certificate comes into play. Your eduroam access data must be transmitted to the RWTH authentication server (RADIUS). Since this connection is encrypted in eduroam, your access data is secure during the transmission.

 

 

 

But do you know if your credentials are sent to the correct authentication server?

This task is performed by the security certificate of the Radius server. If, for example, you have used the CAT tool to configure your eduroam access on your device, the name of the Radius server and the root certificate of the certification chain will be entered/installed on your device.

 

Based on the names, your device checks whether the correct Radius server is addressed. In addition, based on the root certificate, the TLS protocol checks whether the Radius server is using a certificate that was issued by your trusted certification authority (CA).

 

You express this trust when you install the root certificate on your device. This means:

 

Install it once and trust it implicitly every time you connect.

 

A conversion is now necessary for this root certificate. The “Deutsche Telekom Root CA 2” certificate expires on Tuesday, July 9, 2019, at 23:59:00 GMT. This means that all eduroam devices that trust only this certificate will no longer be able to access the network after July 7, 2019, because the connection to the Radius server is no longer trusted.

 

But don’t worry, because the Radius server at RWTH is already working with both security certificates, which are attached to different chains: the old one, which expires on July 09, 2019, and the new one, which is valid until October 1, 2033.

 

You can already switch to the new chain by changing the eduroam configuration of your devices to the new certificate.
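The two client-side checks described above (server name and chain to the installed root) and the effect of a root expiry can be reproduced offline with OpenSSL. This is an added example, not part of the original article; the CA names, host names and lifetimes are constructed stand-ins, not RWTH's real certificates or server names.

```shell
#!/bin/sh
# Constructed demo: every CA name, host name and lifetime below is made up.
set -u
work=$(mktemp -d)

# make_root NAME DAYS: self-signed root CA that is valid for DAYS days
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# make_server ROOT HOSTNAME OUT: server certificate for HOSTNAME, signed by ROOT
make_server() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$3.key" -out "$work/$3.csr" 2>/dev/null
  openssl x509 -req -in "$work/$3.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
    -CAcreateserial -days 3650 -out "$work/$3.pem" 2>/dev/null
}

# client_accepts TRUSTED_ROOT EXPECTED_NAME SERVER_CERT [DAYS_AHEAD]
# Mirrors what a configured device does: the certificate must chain to the
# one installed root AND carry the expected server name, at the given time.
client_accepts() {
  at=$(( $(date +%s) + ${4:-0} * 86400 ))
  openssl verify -CAfile "$work/$1.pem" -verify_hostname "$2" \
    -attime "$at" "$work/$3.pem" >/dev/null 2>&1
}

make_root old-root 30      # stands in for the root that is about to expire
make_root new-root 3650    # stands in for the long-lived replacement root
make_server old-root radius.example.org srv-old     # server cert, old chain
make_server new-root radius.example.org srv-new     # server cert, new chain
make_server new-root rogue.example.net  srv-rogue   # same CA, different name

report() { if client_accepts "$@"; then echo "accept: $*"; else echo "reject: $*"; fi; }
report old-root radius.example.org srv-old       # today, old chain still valid
report old-root radius.example.org srv-old 60    # 60 days on: old root expired
report new-root radius.example.org srv-new 60    # reconfigured device keeps working
report new-root radius.example.org srv-rogue     # trusted CA but wrong server name
report old-root radius.example.org srv-new       # old-only device cannot use new chain
```

Only the first and third calls are accepted, which is why a device that trusts only the expiring root has to be reconfigured before the expiry date.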

 

Why is it so important to change the access data?

 

A further security aspect for the protection of your data is to encrypt it. In principle, it is currently still possible to use eduroam access data to draw conclusions about your personal information. The eduroam Device Manager provides a remedy by generating individual access data for each of your devices – without revealing your user name or password.

 

Therefore, the login will be changed on June 04, 2019, in connection with the certificate conversion. A connection to the eduroam network is then only possible with secure access data from the eduroam Device Manager, which does not allow any inference to personal information (e.g. your user ID ab123456@rwth-aachen.de). Here as well, it is possible and sensible to change the access data as soon as possible.

 

We attach great importance to security and want you to remain online. For this reason, we already recommend creating secure access data with the eduroam Device Manager in conjunction with the new security certificate for your mobile devices.

 

We are aware that all of this means additional work for you, so we have put a lot of effort into the instructions. You can find out how to safely configure eduroam on IT Center Help.

 

We thank you for your understanding and look forward to your feedback!

 

Responsible for the content of this article is Nicole Filla with the kind support of Ekaterini Papachristou.