CAF – eduroam Security Best Practices

Security is not a thing, but a practice.

We strongly recommend that each organization participating in eduroam adopt the following eduroam security best practices:

  1. Use RADIUS server certificates to enable a secure connection between the server and user devices.
  2. Create a CAT (Configuration Assistant Tool) Profile for your organization using cat.eduroam.org to offer a security-first configuration as the easiest path to connect. Strongly encourage your eduroam users to use the eduroam CAT tool through communications, marketing materials, etc.
  3. Assign users per realm, with eduroam visitors outside your firewall and trusted users inside.
  4. Isolate access points (APs) to mitigate the risk of traversal attacks.
  5. Educate your users regarding security best practices, such as not accepting untrusted certificates or connecting to any open networks using the “eduroam” name.
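
One way to express the realm-based placement in item 3, as an added example that is not part of the original page or any eduroam tooling. The home realm `example.edu`, the VLAN IDs, the choice to treat sub-realms as home, and the use of RFC 3580 VLAN attributes are all assumptions; the decision is meant to run only after authentication has succeeded.

```python
# Added example: choose network placement from the realm of an authenticated user.
# Assumptions (not from the page): home realm, VLAN IDs, sub-realms count as home.
HOME_REALMS = {"example.edu"}   # hypothetical home realm(s)
TRUSTED_VLAN = "10"             # hypothetical VLAN inside the firewall
VISITOR_VLAN = "99"             # hypothetical VLAN outside the firewall


def realm_of(user_name):
    """Return the lower-cased realm of a RADIUS User-Name, or None if malformed."""
    local, sep, realm = user_name.strip().rpartition("@")
    realm = realm.lower().rstrip(".")
    # Require exactly one "@" and a dotted realm; an empty local part is
    # allowed because anonymous outer identities look like "@realm".
    if not sep or not realm or "@" in local or "." not in realm:
        return None
    if realm.startswith(".") or ".." in realm or any(c.isspace() for c in realm):
        return None
    return realm


def is_home(realm):
    """Exact match, or sub-realm on a dot boundary; never a bare suffix match,
    so "evilexample.edu" is not mistaken for "example.edu"."""
    return any(realm == h or realm.endswith("." + h) for h in HOME_REALMS)


def placement(user_name):
    """Map a realm to RFC 3580 VLAN reply attributes; None means reject."""
    realm = realm_of(user_name)
    if realm is None:
        return None  # malformed identity: reject rather than fall back to a VLAN
    vlan = TRUSTED_VLAN if is_home(realm) else VISITOR_VLAN
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": vlan,
    }


if __name__ == "__main__":
    # Constructed sample identities, not taken from any real deployment.
    for name in ["alice@example.edu", "@Example.EDU", "bob@evilexample.edu",
                 "dave@other.org", "nodomain", "a@b@example.edu"]:
        print(f"{name!r:26} -> {placement(name)}")
```

Only identities whose realm is a home realm land on the trusted VLAN; every other well-formed realm is treated as a visitor, and malformed identities get no placement at all.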