When logging into the CAEN Wireless network using web-based authentication, only the initial login is encrypted, and all other network traffic is unencrypted and therefore insecure. Therefore, CAEN has restricted access to only allow certain network traffic to pass. Specifically, this includes the following encrypted traffic:

• HTTPS to anywhere on the Internet
• SSH, SCP, SFTP and SSH-tunnelled connections to anywhere on the Internet
• IMAP-S & POP-3S to anywhere on the Internet
• NNTP using TLS to anywhere on the Internet
• PPTP/L2TP/IPSec to anywhere on the Internet
• RDP to Virtual CAEN Lab computers
• SMTP using TLS to any U-M server
• LCS (I.M.-only) using TLS to the U-M LCS server

and the following traffic which is not encrypted, and therefore insecure:

• HTTP to anywhere on the Internet
• NTP to anywhere on the Internet
• NNTP to anywhere on the Internet
• LDAP to anywhere on the Internet
• DNS to anywhere on the Internet
• FTP to off-campus sites
• SMTP to any U-M server

CAEN strongly urges its users to instead run VPN client software whenever possible while accessing the wireless network. This will encrypt all wireless network traffic, with no restrictions on what traffic will pass.

Note: Anyone can browse the entire College of Engineering web site over CAEN Wireless without ever logging in.