ITS and UVa logos for printed output

UVa Wireless Network

Wireless Security and Policy

Security Statement for the cavalier Encrypted Wireless Network

The cavalier wireless network uses a wireless security standard known as WPA2 (Wi-Fi Protected Access 2) Enterprise, aka 802.1X WPA2. WPA2 Enterprise can use serveral authentication protocols as well as two different encryption types. The cavalier network uses an authentication protocol called EAP-TLS (Extensible Authentication Protocol-Translation Layer Security) and AES (Advanced Encryption Standardl) encryption. EAP-TLS protocol utilizes digital certificates on your computer to authenticate yourself to the network and verify the access point is an official secure ITS AP. AES encryption ensures that every data packet is sent with its own unique security key.

Additional Security

It is important to remember that wireless encryption is not intended to be your only security. Wireless encryption is just meant to try to make a wireless network as hard to "sniff" as a wired network. (In reality, WPA Enterprise provides significantly more data privacy than a normal wired network.) Standard security practices are still necessary.

Remember that this wireless encryption system only protects your data while it travels over the airwaves. As soon your data hits the local wireless access point in your building, it flows over the building's standard wired network and is no longer protected by the wireless encryption system. As with the traditional wire-based network, additional security (i.e. VPN connections, encrypted Web pages using SSL and secure remote logins, and file transfers using SSH) should still be used for high valued data transactions.

Security Statement for the wahoo Wireless Network

The wahoo wireless network does not use any encryption protocol. The information that travels between the computer and the access point is not encrypted and can be intercepted and recorded. In addition, there can be no guarantee that the wahoo wireless network you connect to is ITS's or even on the UVa network (it may be a rogue access point setup with ITS's wireless network name).

For these reasons ITS highly recommends UVa affiliated wireless users upgrade their operating system and wireless hardware so they can establish an encrypted connection. Guests are encouraged to make use of any VPN resources provided by their own institutions for network data protection.

Additional Security

As with the traditional wire-based network, additional security (e.g., VPN connections, encrypted Web pages using SSL and secure remote logins, and file transfers using SSH) should be used for high valued data transactions. Use of these services is critical in order to protect any data transferred over any unencrypted wireless network.

Related Information

 

 

Page Updated: 2011-11-18

Standards & Policy

University of Virginia
Information Technology Services
2015 Ivy Road
P.O. Box 400324
Charlottesville, Virginia, 22904-4324 USA

UVa Help Desk: 434-924-HELP (434-924-4357) • 4help@virginia.edu

Page Updated: 2011-11-18; © 2012 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology Services (ITS) website is provided as a public service with the understanding that ITS makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.