Defcon wifi




















I used the machine, offline, to take notes, saving a copy both to a thumbnail-sized USB flash drive and the internal Chromebook storage. Perhaps I'm naive, but I felt no danger connecting the Chromebook to the public, open, unsecure network. Of course, I would only do so in Guest Mode. It also hides all files stored on the machine by other users. When you log out of Guest Mode, anything you changed such as saved files, bookmarks, etc. Of course, I was wary of any web page delivered by the open network.

My favorite site for this is DNS leak test and I was shocked when Chrome warned that "The site ahead contains harmful programs". My only clue as to the nature of the hack is that the "https" displayed by Chrome was gray rather than the normal green and there was no lock icon. This combination of indicators is not supposed to happen. It was enough already. I found the other Wi-Fi network much more interesting. This was my first encounter with an I was a bit lost dealing with the network.

There are also certificate-related choices that need to be made, and I was out of my element. The presenter asked us to try and log in to his test network but he, too, was unprepared for a Chromebook. Back at my room, search engine research led nowhere. Half of what I read was about problems with a Chromebook on Enterprise networks, the other half was documentation, mostly from schools, about how to log on to their At one University, the instructions said to be patient, that it was normal for a Chromebook to take over 10 minutes to make the initial connection.

Google's documentation was disappointing to say the least. It's one thing to say nothing, but when they let Arneil write that a Chrome OS device can connect to "WEP-Enterprise networks" it shows how little they care. The next day, seeking an expert, I went back to the Wireless Village, but got there too early. Wouldn't you know it, one last try while I was waiting, succeeded. Judging by some old comments at defconnetworking.

This year, attendees were instructed to download two certificates, one of which was a root for DigiCert. Android seemed to be a particular problem this year:

It seems like there is a number of Android devices that have issues validating the server certificate for We did some research and it seems like it is a common issue with different Android OS and hardware flavors. There are 3rd party supplicants but at this point this is not one that we can recommend. It turns out, that was exactly what I had done on my Chromebook. I had connected it to the None of that is necessary.

TLS is the same strong cryptographic technology that protects all online e-commerce transactions. As with almost everything in wireless security, there are conditions and qualifications. But for Wi-Fi networks that are properly using The reason for that is that enterprise Wi-Fi security is a two-step process: first creating a secure encrypted tunnel, using the aforementioned Transport Layer Security, between the wireless client and a RADIUS server, authenticating the server, and only then using MS-CHAP to authenticate the client.

VonNagy created a diagram to show the stages of this interaction. And therein lies the potential vulnerability. What vonNagy then focuses on is enabling Microsoft and Apple clients to accept specific trusted certificates and no others, while at the same time blocking them from manually accepting untrusted certificates.

Instead, for corporate networks with Then, if the client is presented with an untrusted certificate, the connection will be rejected automatically. There are numerous ways to do this, ranging from simple solutions such as sending them a profile in an email or providing a web URL where users can download the profile, to more complex solutions such as MDM integration that allow self-registration and zero IT involvement. This binding of certificate to SSID is still a manual process.

The IEEE John Cox covers wireless networking and mobile computing for Network World.


