House of Hackers

When building a huge wireless network, it's important to find a valid and strong authentication method.
Everyone knows how secure WPA-PSK is, and this can be a valid choice, but how about PEAP with MSCHAPv2?
Does anyone know its strengths, weaknesses and a valid implementation?

Tags: authentication, mschapv2, peap, wifi, wireless, wpa

Reply to This

Replies to This Discussion

Based on the tests I made with both Linux and Windows, I've seen what you guys have seen: Windows Vista had some problems connecting, and on Linux it depends on the wifi driver (this test was made with PEAP auth).
What about a universally working implementation? WPA-PSK isn't the way I want to ride.
AES + TKIP? What about that?
Sure, I'll use a RADIUS server as backend...

Reply to This

Use AES. TKIP has issues; it's just WEP fixed a little, so it's bad.

Look and see what EAP types your Linux environments support. You may be able to use EAP-TTLS, which is like PEAP but has more standard support in some Linux distros.

It works with RADIUS and has the same security as PEAP, so that may be an answer without going to the PKI EAP-TLS environment.

Reply to This

PEAP, if implemented correctly, is secure enough; the problem lies in implementing it correctly.
You have to be careful when setting up your RADIUS that it only accepts encrypted clients; same on the client setup.

For a correct implementation of PEAP you need a Public Key Infrastructure or a digital cert from a trusted root.
Of course, if you put in a PKI you may as well use 802.1X with digital certificates, machine and user authentication.
If you are running a Windows 2003 domain and have a copy of Enterprise, then you get a free PKI in the form of Windows Certificate Services (recommend reading the deployment guide first, as it's not as easy as it looks).
Oh, and the Enterprise version also comes with a RADIUS server that supports more than 50 clients, and it's a bit more usable than the Cisco ACS.
Of course the same principles apply to *nix; you just have to find the software (not really my forte).

Reply to This
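
The client-side points raised in this thread (the RADIUS server certificate checked against a trusted root, AES rather than TKIP) can be audited on Linux clients. This is an added example, not part of any post: a small Python check over wpa_supplicant `network={}` blocks. The sample configuration, SSIDs, certificate path and server name are constructed, and the finding strings are this example's own.

```python
import re
# Constructed sample: a weak and a hardened wpa_supplicant block (all values illustrative).
SAMPLE = '''
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=PEAP
    pairwise=CCMP TKIP
    identity="alice"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-hardened"
    key_mgmt=WPA-EAP
    eap=PEAP
    pairwise=CCMP
    group=CCMP
    identity="alice"
    ca_cert="/etc/ssl/certs/example-corp-root.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
'''
NAME_KEYS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one dict of key -> value for each network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        net = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                net[key.strip()] = value.strip().strip('"')
        nets.append(net)
    return nets

def audit(net):
    """Findings for one block. Assumption: an unset cipher key falls back to a default list containing TKIP."""
    findings = []
    if set(net.get("eap", "").upper().split()) & {"PEAP", "TTLS"}:
        if "ca_cert" not in net and "ca_path" not in net:
            findings.append("server certificate not verified (no ca_cert)")
        if not any(k in net for k in NAME_KEYS):
            findings.append("server name not pinned")
    for key in ("pairwise", "group"):
        if "TKIP" in net.get(key, "CCMP TKIP").upper().split():
            findings.append(key + " allows TKIP")
    return findings
```

Running `audit` over each block from `parse_networks(SAMPLE)` reports four findings for the first block and none for the second.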
