Security is not a thing, but a practice.
We strongly recommend that each organization participating in eduroam adopt the following eduroam security best practices:
- Use RADIUS server certificates to enable a secure connection between the server and user devices.
- Create a CAT (Configuration Assistant Tool) Profile for your organization using cat.eduroam.org to offer a security-first configuration as the easiest path to connect. Strongly encourage your eduroam users to use eduroam CAT through communications, marketing materials, etc.
- Assign users per realm, with eduroam visitors outside your firewall and trusted users inside.
- Isolate access points (APs) to mitigate the risk of traversal attacks.
- Educate your users regarding security best practices, such as not accepting untrusted certificates or connecting to any open networks using the “eduroam” name.
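
The "assign users per realm" recommendation above, sketched as the placement decision a RADIUS policy makes after authentication succeeds. This is an added example, not part of the original recommendations: the home realm `example.edu`, the VLAN IDs and the function names are assumptions, and the reply attributes are the standard RFC 3580 VLAN attributes.

```python
import re

# Assumed values for illustration; replace with your own realm and VLAN plan.
HOME_REALMS = {"example.edu"}   # realm(s) your own RADIUS server authenticates
TRUSTED_VLAN = "110"            # assumed VLAN inside the firewall
VISITOR_VLAN = "900"            # assumed VLAN outside the firewall

# DNS-style realm: dot-separated labels, no spaces, no empty labels.
_REALM_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}")


def extract_realm(user_name):
    """Return the lower-cased realm of a User-Name, or None if unusable."""
    if not user_name or user_name.count("@") != 1:
        return None                      # no realm, or ambiguous "a@b@c"
    realm = user_name.split("@")[1].lower()
    # fullmatch rejects trailing spaces and other junk instead of trimming it,
    # so a mistyped realm is refused rather than silently routed somewhere.
    return realm if _REALM_RE.fullmatch(realm) else None


def place_user(user_name):
    """Decide network placement for an already authenticated user."""
    realm = extract_realm(user_name)
    if realm is None:
        return {"decision": "reject", "reason": "missing or malformed realm"}
    # Exact match only: "sub.example.edu" and "example.edu.other.org" are
    # different realms and must not inherit trusted placement.
    is_home = realm in HOME_REALMS
    return {
        "decision": "accept",
        "role": "trusted" if is_home else "visitor",
        "reply": {
            "Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": TRUSTED_VLAN if is_home else VISITOR_VLAN,
        },
    }


if __name__ == "__main__":
    # Constructed sample identities, not taken from any real deployment.
    for name in ("alice@example.edu", "bob@other-university.org", "carol"):
        print(name, "->", place_user(name))
```

Placement should be applied only after the authentication itself has succeeded, so that claiming the home realm in the identity is never enough on its own to reach the trusted VLAN.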