Yes setting up RADIUS for authentication of wireless clients is a good idea.
What is your opinion of RADIUS?
From what I have learned here and what I have read online, RADIUS is the best wireless security option. I downloaded "WinRadius". I am going to look at it a bit closer tonight when I get up. What is your opinion? Do you think this is a good idea?
Yes setting up RADIUS for authentication of wireless clients is a good idea.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
A little bit of lite reading.
I believe there was also something present at Shmoocon regarding the bypassing of RADIUS authentication, but I missed that talk.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Don't let reading of vulnerabilities discourage you. There is no such thing as a system which is 100% secure or vulnerability free. IMHO WPA & Radius are still the best solution especially for enterprise deployments where data/network security is important. (If anyone disagrees I'm open to a healthy debate, I'll admit I'm behind on my wireless reading etc so there might be something better).
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
As far as I'm concerned wpa + radius is the best I was just linking to the vulnerability streaker mentioned that Josh Wright presented at shmoo con. At my school they have that plus under the airodump heading where it normally says pre shared key they have something called mgt which I'm not sure but I believe that takes the psk out of the equation which makes it more secure. I'm not to sure how thats done so if someone knows I'd love to hear about it.
Heres the PDF of the presentation which goes into more detail.
Have tested the tools he uses through out the slides on my WPA-TKIP PEAP MSCHAP-V2 setup and it was vulnerable.
Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.
Posting Permissions