Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

macOS Big Sur - Unsecured Network

  • 1.  macOS Big Sur - Unsecured Network

    MVP
    Posted Jan 20, 2021 06:59 PM
    Our Macs that have updated to the latest version of macOS, Big Sur, report an Unsecured Network message when connected to the Aruba wireless network. We use a secured captive portal as a login to our production network. The computer is then registered using RADIUS in our NAC server. Is this connection truly insecure as macOS states? 

    ------------------------------
    Nathan Kuhl
    ------------------------------


  • 2.  RE: macOS Big Sur - Unsecured Network

    MVP EXPERT
    Posted Jan 21, 2021 03:59 AM
    What is the encryption type defined on the SSID? If it is Open System then it will be considered unsecured. To resolve this you should consider WPA2/3 on the SSID.

    ------------------------------
    Craig Syme
    ------------------------------



  • 3.  RE: macOS Big Sur - Unsecured Network

    MVP
    Posted Jan 21, 2021 06:31 AM
    It is open but as I said, we use an encrypted captive portal to initially sign in and register the device on our NAC server. Is it truly unsecured or is Big Sur mistakenly classifying it as such?

    I get that most use WPA, and we may go down that road in the future, but for now, we're using a secure captive portal to initially register the device.

    ------------------------------
    Nathan Kuhl
    ------------------------------



  • 4.  RE: macOS Big Sur - Unsecured Network

    MVP EXPERT
    Posted Jan 21, 2021 06:41 AM
    It is looking at the encryption type of the SSID and making the assumption based upon this. The OS would not be aware that your Captive Portal is speaking to a NAC at the back end.
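
The check described in the post above, as an added example that is not from any poster in this thread, Apple, or Aruba: a parser that classifies what a beacon advertises from the 802.11 Privacy bit and RSN element, which is all a client can see before it associates. The beacon bytes are constructed samples and the result labels are illustrative, not macOS wording.

```python
import struct
# AKM suite types under the IEEE 802.11 OUI 00-0F-AC (RSN element, ID 48)
AKM = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 18: "OWE"}
RSN_OUI = b"\x00\x0f\xac"
WPA1_VENDOR = b"\x00\x50\xf2\x01"  # vendor element (ID 221) carrying legacy WPA

def iter_elements(tagged):
    """Yield (id, payload) for each information element; stop at a truncated one."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        if i + 2 + length > len(tagged):
            return
        yield eid, tagged[i + 2:i + 2 + length]
        i += 2 + length

def rsn_akms(rsn):
    """AKM names from an RSN payload: version(2) group(4) pw_count(2) pw[] akm_count(2) akm[]."""
    if len(rsn) < 8:
        return []
    off = 8 + 4 * struct.unpack_from("<H", rsn, 6)[0]
    if len(rsn) < off + 2:
        return []
    count = struct.unpack_from("<H", rsn, off)[0]
    suites = [rsn[off + 2 + 4 * k: off + 6 + 4 * k] for k in range(count)]
    return [AKM.get(s[3], f"AKM-{s[3]}") for s in suites if len(s) == 4 and s[:3] == RSN_OUI]

def classify_beacon(body):
    """body: timestamp(8) + beacon interval(2) + capability info(2) + elements."""
    privacy = bool(struct.unpack_from("<H", body, 10)[0] & 0x0010)  # Privacy bit
    akms, wpa1 = [], False
    for eid, payload in iter_elements(body[12:]):
        if eid == 48:
            akms = rsn_akms(payload)
        elif eid == 221 and payload.startswith(WPA1_VENDOR):
            wpa1 = True
    if akms:
        return "encrypted (RSN: " + ", ".join(akms) + ")"
    if wpa1:
        return "legacy encryption (WPA)"
    return "legacy encryption (WEP)" if privacy else "open (unencrypted)"

def sample_beacon(caps, *elements):  # builds constructed demo input, not captured traffic
    return bytes(10) + struct.pack("<H", caps) + b"".join(bytes([e, len(p)]) + p for e, p in elements)

CCMP = RSN_OUI + b"\x04"
def rsn(akm_type):  # constructed RSN payload: CCMP group/pairwise, one AKM suite
    return b"\x01\x00" + CCMP + b"\x01\x00" + CCMP + b"\x01\x00" + RSN_OUI + bytes([akm_type]) + b"\x00\x00"

OPEN_PORTAL = sample_beacon(0x0401, (0, b"Campus"))  # open SSID; a captive portal leaves no trace here
ENTERPRISE = sample_beacon(0x0411, (0, b"Campus"), (48, rsn(1)))
```

`classify_beacon(OPEN_PORTAL)` returns `open (unencrypted)` whether or not a captive portal and NAC sit behind the SSID, because neither is advertised at the 802.11 layer.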





  • 5.  RE: macOS Big Sur - Unsecured Network

    MVP
    Posted Jan 21, 2021 07:41 AM
    The answer depends on your SSID settings. An open SSID with a captive portal login, even when using a RADIUS server, is unencrypted and therefore unsecured. Traffic can be sniffed.

    We are currently using EAP-PEAP MSCHAPv2 to RADIUS & AD and will move to the more secure certificate based EAP-TLS on our network.

    ------------------------------
    Bruce Osborne
    ------------------------------



  • 6.  RE: macOS Big Sur - Unsecured Network

    EMPLOYEE
    Posted Jan 21, 2021 07:56 AM
    It's not only on an open SSID that you can sniff traffic, but you also can inject traffic and by spoofing the MAC address of an authorized client (which you can easily sniff) you can circumvent the captive portal and get to any resources that the authenticated user could get.

    The funny thing is that your Guest network does have encryption.

    If you can't move to EAP/WPA Enterprise, you probably should at least enable WPA2-PSK with an impossible-to-guess password on the SSID if it provides access to anything that has value.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 7.  RE: macOS Big Sur - Unsecured Network

    MVP
    Posted Jan 21, 2021 08:49 AM
    Thanks everyone for the responses. It's strange that Aruba support just responded with the following:

    "From the case description I understand that after updating the mac devices to Big Sur, you are receiving an unsecured network alert.
     
    As long as the captive portal certificate is valid and not expired, the connecting shouldn't be insecure. It could be an issue from the Apple end."

    -- 
    Nathan Kuhl
    Information Technology
    Wyoming Seminary
    570-270-2241

    *** Please report all problems to the help desk: https://helpdesk.wyomingseminary.org ***






  • 8.  RE: macOS Big Sur - Unsecured Network

    MVP
    Posted Jan 21, 2021 08:59 AM
    Technically traffic to the portal is secured but all other traffic is broadcast in the clear offered to everybody in the area. Definitely not a secure network unless you are only talking to the portal.

    ------------------------------
    Bruce Osborne
    ------------------------------



  • 9.  RE: macOS Big Sur - Unsecured Network

    MVP
    Posted Jan 21, 2021 09:16 AM
    Thanks Bruce. I don't think that it would be a big deal to move from the captive portal to WPA but I want our users to log in using their AD credentials. Is this WPA enterprise?
    -- 
    Nathan Kuhl






  • 10.  RE: macOS Big Sur - Unsecured Network

    EMPLOYEE
    Posted Jan 21, 2021 09:17 AM
    It depends a bit on the exact question that is asked, but I would not advise using open networks for anything. For some cases, like in anonymous guest networks, there is no real alternative. WPA3 OWE is promising for that use by adding encryption.

    For authenticated networks, I would go for WPA2-Enterprise wherever possible. If you like to learn more about security principles, and I would expect this captive portal and different types of wireless encryption to be part of it, there is a nice webinar series about Security Essentials coming up next week.

    If you like, please share the case number in a private message, or ask the TAC Engineer to reach out to me. More than happy to see the context of this.

    ------------------------------
    Herman Robers
    ------------------------------



  • 11.  RE: macOS Big Sur - Unsecured Network

    MVP EXPERT
    Posted Jan 21, 2021 09:34 AM
    Sorry, but what TAC said is not correct. Any unencrypted network or networks using legacy encryption will be flagged as Not Secure.

    I highly recommend you work with a partner or Aruba pro services if you're thinking about rolling out a secure network. An improperly configured secure network is worse than what you have today. (And if it makes you feel better, a majority of deployments are not properly deployed)

    ------------------------------
    Tim C
    ------------------------------



  • 12.  RE: macOS Big Sur - Unsecured Network

    MVP
    Posted Jan 22, 2021 07:47 AM
    Thank you. We're always looking to make common sense improvements and just moving away from a captive portal would create so many fewer headaches. You wouldn't believe how many students have Samsung phones that don't support captive portals.

    I'll work with TAC to either create a new or modify our existing production SSID to implement WPA-Enterprise that works in conjunction with our NAC/RADIUS server.

    ------------------------------
    Nathan Kuhl
    ------------------------------



  • 13.  RE: macOS Big Sur - Unsecured Network

    MVP EXPERT
    Posted Jan 22, 2021 07:51 AM
    Hm. All Samsung phones support captive portals. If you're seeing issues, there is likely an issue with your deployment.