Wednesday, January 20, 2021

Implementing EAP-TLS for 802.1x authentication (Google Pixels can’t gain access without specifying a domain)

Without giving too much detail about our infrastructure, we are having issues onboarding Android 11 devices running the December security update. It’s only affecting Google Pixel phones at the moment, but I’m fearful this will affect all Android devices soon. We currently use PEAP with MSCHAPv2 and the “do not validate” certificate option to authenticate to our RADIUS server using user credentials. Google Pixels now require you to specify a domain as well, where they did not in the past.

The more I read about this, the more I understand the need for certificate authentication per device and not relying on user credentials. I guess my question is how do you configure your NAC to use EAP-TLS and how do you generate and share a certificate that is installed by the client?

I’m a fairly new network analyst, so I’m not well versed in security. We have our own security department that owns our NAC and a server team that operates our RADIUS server. My group really only handles network infrastructure. It’s a team effort, so no one group owns the onboarding process.

I’m sure other organizations are experiencing this and wanted to know how they are solving this problem.
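An added example, not part of the original post, covering the certificate side of the question: a shell script that builds a private CA with openssl, issues a certificate for the RADIUS server and one per-device client certificate, and packages the device identity as a PKCS#12 file for import. The CA name, radius.example.com and the device id pixel-0001 are placeholders, and the script assumes only that openssl is on the path; a real deployment would usually have an MDM or SCEP service do the per-device issuance that this script does by hand.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): stand up a small private CA for
# EAP-TLS, issue the RADIUS server certificate and one per-device client
# certificate, then bundle the device identity as PKCS#12 for import.
# Assumed names: the CA name, radius.example.com and the device id pixel-0001.
set -euo pipefail

OUT="${OUT:-./eaptls-pki}"                        # output directory for keys and certs
RADIUS_FQDN="${RADIUS_FQDN:-radius.example.com}"  # the "domain" the client is told to expect
DEVICE_ID="${DEVICE_ID:-pixel-0001}"              # one certificate per device, not per user
P12_PASS="${P12_PASS:-changeit}"                  # PKCS#12 export password; override via env

build_pki() {
  mkdir -p "$OUT"
  (
    cd "$OUT"
    # Self-contained request config so the script does not rely on the system openssl.cnf.
    cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

    # 1. Private CA. ca.crt is what every client installs as its trusted CA,
    #    which is what replaces "do not validate". Keep ca.key offline.
    openssl req -x509 -new -newkey rsa:3072 -nodes -sha256 -days 3650 \
      -config req.cnf -extensions v3_ca -subj "/CN=Example Corp 802.1X CA" \
      -keyout ca.key -out ca.crt

    # 2. RADIUS server certificate: serverAuth EKU and the server's DNS name in
    #    the SAN. A client that validates the server certificate must be given a
    #    domain matching this name, otherwise it rejects the handshake.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config req.cnf \
      -subj "/CN=$RADIUS_FQDN" -keyout server.key -out server.csr
    cat > server.ext <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$RADIUS_FQDN
EOF
    openssl x509 -req -sha256 -days 825 -in server.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out server.crt -extfile server.ext

    # 3. Per-device client certificate: clientAuth EKU; the CN is the identity
    #    the RADIUS server sees, so it is tied to the device rather than a user.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config req.cnf \
      -subj "/CN=$DEVICE_ID" -keyout "$DEVICE_ID.key" -out "$DEVICE_ID.csr"
    cat > client.ext <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl x509 -req -sha256 -days 365 -in "$DEVICE_ID.csr" -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out "$DEVICE_ID.crt" -extfile client.ext

    # 4. PKCS#12 bundle (device key + cert + CA cert) for import on the phone.
    openssl pkcs12 -export -inkey "$DEVICE_ID.key" -in "$DEVICE_ID.crt" \
      -certfile ca.crt -name "$DEVICE_ID" -passout "pass:$P12_PASS" -out "$DEVICE_ID.p12"
  )
}

# Sanity checks before anything is handed out: both leaf certificates chain to
# the CA, carry the intended EKU, the server SAN matches the domain, and the
# bundle opens with the export password. Returns non-zero on the first failure.
check_pki() {
  openssl verify -CAfile "$OUT/ca.crt" "$OUT/server.crt" "$OUT/$DEVICE_ID.crt" >/dev/null &&
  openssl x509 -in "$OUT/server.crt" -noout -text | grep -q 'TLS Web Server Authentication' &&
  openssl x509 -in "$OUT/server.crt" -noout -text | grep -q "DNS:$RADIUS_FQDN" &&
  openssl x509 -in "$OUT/$DEVICE_ID.crt" -noout -text | grep -q 'TLS Web Client Authentication' &&
  openssl pkcs12 -in "$OUT/$DEVICE_ID.p12" -passin "pass:$P12_PASS" -noout
}

build_pki
check_pki
echo "EAP-TLS PKI written to $OUT: ca.crt and server.{key,crt} go to the RADIUS server, ca.crt and $DEVICE_ID.p12 go to the device"
```

What goes where: the RADIUS server gets server.key, server.crt and ca.crt (the last so it can validate client certificates); the device gets ca.crt as its trusted CA, the .p12 as its client certificate, and radius.example.com as the domain, which is the value the phone compares against the server certificate's SAN. Deliver the .p12 password out of band, issue one certificate per device so a lost phone can be revoked without touching anyone's user account, and keep ca.key off the RADIUS server entirely.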


