|
|
|
|
|
|
by el_devo
4533 days ago
|
|
|
For what it's worth, at my university, UNC Chapel Hill, there are two networks, one of which requires you to install a custom root certificate, and is the network that the university prefers you connect to. For devices on which this is not possible, there is another network which only requires that you register your device's MAC address to your university id for access. Regardless of which option you choose, you are required to install another program (unless the OUI of your MAC indicates that it is a device other than a computer) which scans your computer for malware and any software which the university does not allow you to have, such as torrenting applications, and will not allow you to connect to the network until after your machine is cleared. This program must be running the entire time you are connected to the network or you will be disconnected. As a student who works as tech support in the dorms, it certainly is a nightmare! |
|
|
I've always been leery of the mitm cert, not only from the users' perspective, but also from that of the organization. If a rogue administrator used the cert to set up a "real" mitm for a local bank's site, I think the school would be on the hook for that. That's just one example; one could imagine other variations on that theme. Whereas, if the school simply acted as a normal ISP, that whole class of vulnerabilities simply doesn't apply.