I have a few questions to ask around here and it concerns the security of a WPA2-Enterprise secured wireless network.
I have just baught myself a ZyAIR G2000 Plus wireless router and i have gone for this one because it has a inbuilt cutdown RADIUS server that supports 32 clients and im abit paranoied about my wireless networks in general.
Now from what i understand of WPA2 enterprise is that it consists of 2 parts Association and Authentication. so there are 3 things that are needed to be able to use the network they are a valid certificate, a username and a password.
I think if you forged the certificate you could still associate with the AP but without the username password you could not authenticate with RADIUS therefore not be able to access the network resources.
What i am asking is how secure it this setup i know the most secure way is not to have wireless and limit physical access to the network, but this is not a choice in my new flat as i wont be able to wire up the network points without getting a network engeneer contractor to do it and pay through the nose ( a term of my lease that any electrical/plumbing or communication works have to be contracted out).
Also with the certificates you haev 2 options the first is to goto a CA liek verisign and get one of theres and pay lots of money or the secong is to use the inbuilt CA and make your own self certifyed certificated. How easy would it be to spoof a self made certificate.
One final note I am NOT asking how to hack/crack WPA2-enterprise it just want to know if its possible and how easy it is and if its been done before. i know WEP and WPA-PSK has been done but the way it is done is a very Script kiddie approach and now anyone can do it.
Thankyou guys for helping me your information was really helpful.
i have been doing alot of reading and thanks to person on another forum they pointed me at some information that i found quite useful.
from my reading i have eased my paranioa about my wireless network but still want to know more.
i have come to the conclusions that becasue WPA2-Enterprise is 2 factor auth it would be pretty tough to crack.
the first obsitcal would be the certificate and from what i have read if i have got it right certificates are part of a Key exchaneg infrastructure so the certificate you instlal on the pcs that you want to associate the AP with will only have the public key that is in the certificate an that is what they send to the AP to encrypt things. and the AP has the Private key that matches the public key meaning that it can decrypt the encripted information.
That would be a major stumbling block for an attacker that would probly take longer than the value of the information to obtain the certificate or enough information to fake it.
the second would be the username and password that is used to authenticate with the AP i know this will be the weakest part of the process as the passwords could in turn be weak but it would be very hard to extract the data from the air as a encripted link is created between the AP and client machine before the login details are sent.
so in short it would take a very long time to break into it so i have eased my fears. although i would like for someone to confirm that i am on the right tracks on how hard it would be ot break it.