Connecting devices of people registered within the eduroam project (WiFi and marked sockets)

This page summarizes information for users who were happy to connect to the network at the MFF UK, in buildings Ke Karlovu 3 and 5, through the eduroam project.

The eduroam designation and logo are registered trademarks of TERENA.

For wireless connection, a signal according to the 802.11b/g and 802.11a standards is available. The signal covers the corridors, auditoriums and, for the most part, offices in the Ke Karlovu 3 and Ke Karlovu 5 buildings. The 802.1x protocol is used for verification before connection.

In addition to a wireless connection, a cable connection with authentication according to the 802.1x standard is also available in selected public sockets. The corresponding sockets are color-coded with a rectangular mark (usually above the connector). 

The rules for using the eduroam network are defined by the roaming policy of this network. Users have the following obligations:

• Each roaming user is obliged to comply with the roaming conditions of the guest and home networks, as well as the principles of acceptable use of the CESNET academic network - see www.cesnet.cz.
• Each roaming user is obliged to immediately respond to the calls and instructions of the management of the guest network and the home network and the roaming center of CESNET.
• Each roaming user is fully responsible for the misuse of his personal data (password, certificate, ...) enabling him to access the network.

For users, the Dean's Directive no. 4/2018 - Rules for administering and using devices connected to the MFF UK network, also applies to the use of the service.

It follows from the principles of acceptable use of the CESNET academic network that users may not use this network for activities that:

• enable or attempt to gain unauthorized access to connected network resources
• violate intellectual property rights
• adversely affect the operation of the network or its individual services, prevent users from accessing these services, endanger the operation of the network or excessively limit its performance
• they waste network capacity
• destroys the integrity of information stored on computers and other network elements
• restrict user privacy.

To connect to the eduroam network, you need to have an account at any institution that is involved in this project, a list of them is available on the project website.

The connection in the Ke Karlov buildings takes place against the authorization resources available on the RUK, all authentication requests are forwarded there via a proxy.

Information regarding the login name and password for students and employees of the MFF UK is available on the website of the ÚVT UK.

Safety first

Storing passwords in registries is a security risk, especially when combined with a privileged account or an account without the need to enter passwords (any). Therefore, create a regular password-protected user account - once these prerequisites are met, storing the eduroam password in the registry does not greatly increase the security risk. If multiple users share the laptop, each user should have their own password-protected user account.

It is highly recommended to install and use certificates for authentication of authorization servers, for users of MFF UK and in general from the UK who are authenticated by the servers of ÚVT UK, Terena CA certificates (signed by Comodo's certification authority) apply, because then you defend against the risk of a man-in-the-middle attack. You can find more information about certificates and how to obtain them on the relevant ÚVT page. Remember that some programs do not share their certificates. Therefore, it is necessary to download and install the certificate multiple times for each group of programs. E.g. Internet Explorer uses a different certificate store than the Firefox web browser.

By connecting to a network, the computer becomes the target of attacks (and sometimes unknowingly another propagator of those attacks) - using eduroam does not increase this aspect of security. Therefore, it is very necessary to check the security of the operating system and improve it regularly.

The following data are monitored and logged in the eduroam network in accordance with the Roaming Policy of the Czech Federation eduroam:

• information about authentication requirements (802.1x, radius log)
• information about requirements for assigning an IP address to a MAC address (DHCP)
• suspicious ARPA traffic
• status and operational information of the APs used

Data is stored for a minimum of 6 months.

In case of problems or ambiguities that could not be overcome using this page and that concern eduroam at the MFF UK in Karlovy Vary, please contact the Karlov Computer Network Administration in confidence.