VPN bypassing passwords
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2017 11:18 AM
We are a school and today I was informed that our kids are connecting to our staff SSID which requires authentication to Active Directory by using a VPN on their phone. My ? is why is it allowing the traffic to flow without a password. Any ideas
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2017 12:33 PM
My question would be is why your APs are broadcasting the SSID anyway. check to make sure you're hitting your Radius server properly. also, you should have a Guest WiFi set up for the kids gives you total control to what they look up.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2017 12:36 PM
If students log in to laptops on a pupil SSID then what is it that stops them using other SSIDs with those accounts?
On school devices you have made them users and locked down with group policy, but on their phones they'll be admins.
Or they have compromised a staff account (either observing or guessing or cracking a password).
Ideally find a kid and let them show off how easy it is to do and let them show you their technique. In my experience they love showing off to a techie.
Just random thoughts.
On school devices you have made them users and locked down with group policy, but on their phones they'll be admins.
Or they have compromised a staff account (either observing or guessing or cracking a password).
Ideally find a kid and let them show off how easy it is to do and let them show you their technique. In my experience they love showing off to a techie.
Just random thoughts.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2017 02:15 AM
If the SSID needs a logon, then you see the username in the device list.
Find devices that are not supposed to be on the staff net and see what accounts they are using.
If it’s their own, your setup is wrong
Find devices that are not supposed to be on the staff net and see what accounts they are using.
If it’s their own, your setup is wrong

