Freeradius vs Security
andre.forigato at rnp.br
Tue Apr 2 15:32:17 CEST 2019
Eduroam vs Security
I need to share information about the safety of Eduroam.
If a hacker installs an access point with the name of Eduroam, and this access point points to a Freeradius server, it is possible that the malicious person sees all the logins and passwords in the Freeradius logs.
How to avoid this situation? Should user institutions force their students to use personal certificates? (certificate issued by the institution itself to its students)
Reaffirming that the idea here is how to make users of university institutions not fall into the trap of malicious people. Anyone can set up an access point pointing to a fake freeradius server. And these malicious people can get the username and password from all the devices that connect to the Eduroam access point.
How can we solve this problem?
André Luis Forigato
More information about the Freeradius-Users