Minimal security requirements

Barcelona, 6th of September 2005
David Simonsen, UNI-C

"eduroam is a registered trademark of TERENA. David Simonsen is independent of TERENA."

User credentials

User credentials (i.e. username and password) must stay securely end-to-end encrypted between the personal device and the home institution when traversing the eduroam infrastructure, to ensure that they will only be utilized by the user and his home institution.

eduroam servers

NRENs and institutions taking part in the eduroam federation must at all times run and maintain the relevant eduroam services according to best practice in order to ensure a generally high security level and thereby trust in the eduroam federation.

The NREN and all connected institutions should provide:

- Two physically separated and dedicated RADIUS servers, both connected to the eduroam servers at the hierarchical level above
- Restrictive router filters or firewall to protect the servers

eduroam access points

Wireless access points providing eduroam connectivity must be capable of providing 802.1X connectivity with preferably WPA or WPA2 encryption or, as a last resort, WEP (56/128) encryption.

Protection of the eduroam brand

All eduroam users must be properly authenticated, using the eduroam authentication infrastructure, before being authorized to use any eduroam-related resource. Any unrelated resource being provided, promoted or otherwise affiliated with the eduroam brand should be handled as a security breach.

eduroam trademark

eduroam and the eduroam logo are trademarks or registered trademarks of TERENA. TERENA members and other international educational organisations already connected to eduroam or that will be allowed to connect to eduroam are allowed to use the eduroam trademarks only for eduroam purposes or related publications.

The use of any eduroam trademarks by a third party must be agreed with TERENA beforehand and must be used in a manner that does not create potential confusion over the source of eduroam. If an eduroam trademark is used in the title of a publication, seminar, conference, or similar, the following statement should be used: "eduroam is a registered trademark of TERENA. [Insert publisher, producer or provider name] is independent of TERENA."