OSU Secure

What is OSU_Secure?

OSU_Secure is an option for those on campus who require data encryption while accessing the internet. It uses a 48-bit initialization vector and a 128-bit encryption key and utilizes Temporary Key Integrity Protocol (TKIP) to achieve security. This is a useful option for those who enjoy the leisure of online banking, but don't want to be concerned with unencrypted information being transmitted through the wireless network.

Why WPA?

WPA offers a more secure method of using OSU's wireless network. OSU_Secure SSID is the preferred method to securely access the OSU Network and the Internet. Wireless clients using the OSU_Access network will be limited to what they can access. You can use the VPN service on the OSU_Access network to have similar to secure access capabilities that OSU_Secure provides.

What is WPA?

WPA or Wi-Fi Protected Access is a class of systems to secure wireless computer networks. There are two classes of WPA that allow secure access to a wireless network:

  • WPA-PSK
  • WPA-Enterprise

WPA-PSK works well in a SOHO environment where a strong (minimum 20+ characters) Pre-Shared Key can be shared amongst a few wireless clients. WPA-Enterprise is more suitable for large organizations using an external authentication method. Both classes of WPA require encrypted authentication to occur prior to allowing encrypted data to be sent over the wireless.

The following URL has a comprehensive description of WPA and other references to implementations of WPA: Wikipedia's Wi-Fi Protected Access.

Who has access?

As with OSU_Access, anyone with valid ONID credentials may access OSU_Secure. For those who have forgotten their ONID login information, it can be reset using that individuals OSU ID? number and GAP? from the ONID homepage or by clicking here.

How can I use it?

You can either connect automatically or manually to the OSU_Secure. Connecting automatically should prompt for your onid username and password. If it doesn't, use the general settings for the OSU_Secure network to set it up manually:

  • SSID: OSU_Secure
  • Security: WPA2 Enterprise
  • EAP Method: PEAP (PEAPv0/EAP-MSCHAPv2)
  • Key Type: AES (or automatic)
  • Phase2 Type: MSCHAPv2
  • Username: ONID Username
  • Password: ONID Password

More detailed instructions with pictures are available for both Microsoft and Apple operating systems as well as select mobile devices. Click on any of the links below to view the instructions:

Windows 8

Windows 7/Vista

Windows XP

Mac OS 10.6 / 10.7

Mac OS 10.5

Linux (Unix)

Mobile

What does the "Secure" part of OSU secure mean?

The secure part means that any data you send over the wireless connection is encrypted. Browsers and websites can encrypt the data that they send anyway which happens on most or all sites that transfer any sensitive information. The encryption done by the wireless network is another layer of security that helps protect your sensitive information. The following is more technical information which is unnecessary for the use of the wireless networks.

Examples:

Un-Secured Wireless (OSU_Access):

Sending this data through an HTTP connection will be transmitted over the wireless network completely unencrypted. If you are submitting a comment to an unsecured forum the data would be transmitted in clear text which could be read by anybody with the correct software. For poorly designed websites they may also be able to see the username, password, and what website you were trying to log in to.

Sending this through a https (s stands for secure) connection will be encrypted on your computer and sent through the network. Anybody with the correct software would be able to see where you were sending the information to but not the actual information being sent. (more technically the header information will not be encrypted but the data will be).

Secured Wireless (OSU_Secure):

Sending this data through a HTTP connection will still result in everything being encrypted. Anybody with the correct software will be able to see that you are sending and receiving data but they will not be able to tell where you are sending it or what information you are sending (including usernames and passwords).

Sending this through a https (s stands for secure) connection will be encrypted on your computer and sent through the network where it will be encrypted again (more technically the data will be encrypted twice and the headers will be encrypted once). Anybody with the correct software would be able to see that you are sending and receiving data but they will not be able to see where you are sending it or what information you are sending (including usernames and passwords).

Windows 8

Windows 8 should be able to connect to the OSU_Secure network with the automatic instructions below. If these instructions fail, you can try connecting to OSU_Secure manually.


 

Connect Automatically

To connect to the OSU_Secure network:

  1. Click on your wireless network icon in your taskbar.
  2. Click on the OSU_Secure network in the list, and click the Connect button.
  3. A window should pop up asking for a username and password. Enter your ONID Username and ONID Password, and hit enter. Your computer should then connect to OSU_Secure.

Note: If you are unable to connect automatically, try the manual steps below:


 

Connect Manually

Below are the manual steps to connect to OSU_Secure with Windows Vista/7. Please follow all directions closely for proper setup.

All of the images below can be clicked on if you need a larger view.

Step 1

Right click on your wirless icon in the taskbar, then click Open Network and Sharing Center.


A list of your saved wireless networks (if any) should open up.

Step 2Wireless Connection Properties Menu

Click the Set up a new connection or network button on this page.

Note: If OSU_Secure is already listed here (if you tried to add it already), delete it from the list before continuing to clear out any old settings.

Step 3Wireless Networks List

A separate window should open. When it does, select Manually Create a Network Profile.

Step 4Association Screen

This will open a new connection box. Type in the following information:

  • Network Name: OSU_Secure
  • Security Type: WPA2_Enterprise
  • Encryption Type: AES

Leave everything else the way it is. Once finished, it should look like the screenshot to the left (click on it for a larger view). Click the Next button when you are done.

Step 5Success Added

A window should appear saying that you Successfully added OSU_Secure. Click the Change Connection Settings option, and a new settings window should open.

Step 6PEAP Properties

Click on the Security tab at the top, and verify that Security type is still WPA2-Enterprise, Encryption Type is still AES, and theNetwork Authentication Method is set to Microsoft: Protected EAP (PEAP).

Click on the Settings button next to the drop-down menu.

Step 7PEAP Settings

Un-check the box next to Validate Server Certificate.

Make sure that the Secure Authentication Method is set to Secure Password (EAP-MSCHAP v2), and then click the Configure button next to it.

Step 8Auto Login Settings

Un-check the box next to Automatically use my Windows logon name and password.

Click OK three times to close the open settings windows.

Step 9Connect to Secure Network

You should be looking at the Successfully added OSU_Securewindow again. Click Close to close this window.

Click on the wireless icon in the lower left-hand corner of your dock, select the OSU_Secure network from the list, and clickConnect.

Step 10ONID Login

A box should pop up asking for network authentication credentials. Enter your ONID username in the top box, then your ONID password in the bottom box and click OK.

Step 11

If it asks you to set a location for Secure, choose Public Network.

You should now be connected to the OSU_Secure network!

Windows Vista, 7

Windows Vista and Windows 7 should be able to Connect to the OSU_Secure network with the automatic instructions below. If these instructions fail, you can try connecting to OSU_Secure manually


 

Connect Automatically

To connect to the OSU_Secure network:

  1. Click on your wireless network icon in your taskbar.
  2. Click on the OSU_Secure network in the list, and click the Connect button.
  3. A window should pop up asking for a username and password. Enter your ONID Username and ONID Password, and hit enter. Your computer should then connect to OSU_Secure.

Note: If you are unable to connect automatically, try the manual steps below:


 

Connect Manually

Below are the manual steps to connect to OSU_Secure with Windows Vista/7. Please follow all directions closely for proper setup.

All of the images below can be clicked on if you need a larger view.

Step 1

Click Start, then click Control Panel. Once the Control Panel opens, click Network and Internet, then Network and Sharing Center, then on the left-hand side, click Manage Wireless Networks.

A list of your saved wireless networks (if any) should open up.

Step 2Wireless Connection Properties Menu

Click the Add button on this page.

Note: If OSU_Secure is already listed here (if you tried to add it already), delete it from the list before continuing to clear out any old settings.

Step 3Wireless Networks List

A separate window should open. When it does, select Manually Create a Network Profile.

Step 4Association Screen

This will open a new connection box. Type in the following information:

  • Network Name: OSU_Secure
  • Security Type: WPA2_Enterprise
  • Encryption Type: AES

Leave everything else the way it is. Once finished, it should look like the screenshot to the left (click on it for a larger view). Click the Next button when you are done.

Step 5Success Added

A window should appear saying that you Successfully added OSU_Secure. Click the Change Connection Settings option, and a new settings window should open.

Step 6PEAP Properties

Click on the Security tab at the top, and verify that Security type is still WPA2-Enterprise, Encryption Type is still AES, and the Network Authentication Method is set to Microsoft: Protected EAP (PEAP).

Click on the Settings button next to the drop-down menu.

Step 7PEAP Settings

Un-check the box next to Validate Server Certificate.

Make sure that the Secure Authentication Method is set to Secure Password (EAP-MSCHAP v2), and then click the Configure button next to it.

Step 8Auto Login Settings

Un-check the box next to Automatically use my Windows logon name and password.

Click OK three times to close the open settings windows.

Step 9Connect to Secure Network

You should be looking at the Successfully added OSU_Secure window again. Click Close to close this window.

Click on the wireless icon in the lower left-hand corner of your dock, select the OSU_Secure network from the list, and click Connect.

Step 10ONID Login

A box should pop up asking for network authentication credentials. Enter your ONID username in the top box, then your ONID password in the bottom box and click OK.

Step 11

If it asks you to set a location for Secure, choose Public Network.

You should now be connected to the OSU_Secure network!

Windows XP

Important End-of-Life Notice Regarding Windows XP

Microsoft will stop support and security patching for Windows XP on April 8, 2014. The international security community believes that Windows XP computers will be heavily targeted by organized crime and hackers as soon as Microsoft ends support. We strongly recommend that you migrate to a supported Windows platform, such as Windows 7 or Windows 8, before the end of March 2014.

Below are the steps to connect to OSU_Secure with Windows XP. Please follow all directions closely for proper setup.

All of the images below can be clicked on if you need a larger view.

Step 1Run Dialog

Click Start, then click Run. A run box will open. When it does, type "ncpa.cpl" and click OK.

Step 2Wireless Connection Properties Menu

The network connections box will open. Once it does, right-click on your Wireless Network Connection entry, and click Properties.

Step 3Wireless Networks List

A connection properties window should open. When it does, click the Wireless Networks tab at the top.

Note: You should see a list of wireless networks. If OSU_Secure is already listed, highlight it and click the Remove button to clear out all old settings.

Click the Add button.

 

Step 4Association Screen

This will open a new connection box. Type in "OSU_Secure" for the name, then select WPA2 for network authentication, and select AES for data encryption.

Click the Authentication tab at the top.

Step 5Authentication Tab

Select Protected EAP (PEAP) for the EPA Type.

Click the Properties button.

 

Step 6PEAP Properties

This will open a separate properties box. Un-check the Validate Server Certificate box, then click the Configure button at the bottom.

Step 7Auto Logon

Another box will open. Un-check the Automatically use my Windows logon name and password box, and click OK.

 

Step 8

Click OK three times to close all the open settings boxes.

You should be back to the Network Connections page. Right-click on the Wireless Network Connection entry and click View Available Wireless Networks.

Step 9Popup

Windows should automatically connect to OSU_Secure at this point. If it doesn't, just double-click on the OSU_Secure entry to connect.

Windows will begin connecting. At some point, a popup window will appear asking for credentials. Click on this popup window to open the credentials page.

Step 10Credential Page

Enter your ONID username in the user name box, your ONID password in the password box, and then type "ONID" in the Logon domain box.

Click OK, and it will connect you to OSU_Secure.

Mac OS 10.6 / 10.7

Below are the steps to connect to OSU_Secure with OSX 10.6 (Snow Leopard) and OSX 10.7 (Lion). Please follow all directions closely for proper setup.

All of the images below can be clicked on if you need a larger view.

Step 1Wireless Connection Properties Menu

Click the wireless icon in the upper-left hand corner and select OSU_Secure from the list.

Step 2Wireless Networks List

A window will open asking for a username/password. Enter your ONID Username in the User Name box, and your ONID Password in the Password Box.

Click OK.

Step 3Association Screen

Your computer will then attempt to connect to OSU_Secure.

If you get a popup similar to the one on the right asking to verify a certificate, click Continue.

Mac OS 10.5

Below are the steps to connect to OSU_Secure with OSX 10.5 (Leopard). Please follow all directions closely for proper setup.

All of the images below can be clicked on if you need a larger view.

Step 1Apple Menu

Click on the Apple icon in the upper-left hand corner, then select System Preferences.

Step 2Wireless Network Icon

Click on the Network icon on this screen.

Step 3Association Screen

Select Airport from the list on the left, then click the Advanced button.

Step 4Association Screen

Click the '+' symbol to add a new wireless network.

Step 5Network Settings

Type OSU_Secure for the Network Name, and select WPA2 Enterprise for security. More fields should appear after selecting this.

In the Username box, type ONID\, followed by your ONID username.

Example: If your onid username is beaverb, you would type "ONID\beaverb"

Enter your ONID password in the password box. Leave the 802.1X box alone at its default value.

Step 6Association Screen

Click the OK button at the bottom of the screen.

Step 6Apply Button

Now lick the Apply button. This should close all the open settings windows.

Step 7Association Screen

Click the Airport icon in the upper-right hand corner, and select OSU_Secure from the list.

Step 8Authentication Screen

Your computer will then attempt to connect to OSU_Secure.

If you get a popup similar to the one on the right asking to verify a certificate, click Continue.

OSU_Secure Wireless on Linux (Unix)

PLEASE NOTE:

The OSU Computer Helpdesk does not officially support Linux devices on the secure wireless network. Most should work fine if configured properly, but if any questions arise, they should be directed to the Linux community (there is a Linux Users Group on campus as well). The details on this page are only suggestions that have been reported to work in the past.

The general settings for the OSU Secure network are as follows:

  • SSID: OSU_Secure
  • Security: WPA2 Enterprise
  • EAP Method: PEAP (PEAPv0/EAP-MSCHAPv2)
  • Key Type: AES (or automatic)
  • Phase2 Type: MSCHAPv2
  • Domain (If required): ONID
  • Username: ONID Username
  • Password: ONID Password

If you are unable to get the default wireless manager to work, users have had success switching to WICD as their wireless manager.

For help installing WICD for your flavor of Linux, see the WICD Downloads Page. The top of this page also provides some basic troubleshooting steps to start using it.

NOTE: Once you install WICD, you will have to uninstall or stop your other wireless manager to use it.

OSU_Secure Mobile Settings

These are the general settings that a mobile device will have to have in order to connect to OSU_Secure.

  • SSID: OSU_Secure
  • Security: WPA2 Enterprise (Or 802.1x EAP)
  • EAP Method: PEAP (PEAPv0 / EAP-MSCHAPv2)
  • Key Type: AES (or automatic)
  • Phase2 Type: MSCHAPv2
  • Username: ONID\ONID Username
  • Password: ONID Password
  • Note: Under Show advanced options make sure Proxy settings is set to none, otherwise you will be unable to save.

Note: These pictures only reflect one version of Android. If you cannot set up your phone on the network, please call us at: 541-737-3474

In general, please find OSU_Secure in your Wi-Fi settings. Once you click OSU_Secure, it's going to request that you put in a username, and a password. Proceed to put your ONID username, and your ONID password in the appropriate fields. 

If it asks you to accept a network certificate after you've successfully entered your ONID username and ONID password in the appropriate login fields - please accept this certificate. Once you've fully accepted - you should have access to the wireless network.

Android Wireless Settings Screen Android, Add Network Screen

iOS, Wireless Screen

iOS, Certificate Screen

If you have a phone that is not in the list of current devices with instructions we are always willing to add them so if you can create specific instructions please email us with them and we will post them here. Screenshots (if possible) are also much appreciated and will also be posted.