Wireless authentication

Unanswered Question
Apr 16th, 2008
User Badges:

Hey guys - hope everyone's doing well. A client is looking to move away from using static EAP to some better form of security using Cisco ACS. Unfortunately the laptops belong to students so they don't know what cards or OS they 're running but mostly XP & Vista.


What is the safest bet to choose in terms of protocol that would be most widely supported? I just want to use dynamic WEP and authenticate my users to the network using an internal ACS database


Thank you all


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
patoberli Wed, 04/16/2008 - 06:47
User Badges:
  • Bronze, 100 points or more

I'd go for WPA2 with AES encryption.

And PEAP as user authentification.

Please note that you need under XP either SP3 or the WPA2 patch from Microsoft found under: http://support.microsoft.com/kb/893357

But then every XP client and also Vista client supports it.

WEP is simply put unsave. You need around 2-3 minutes to crack a WEP key and then sniff all the traffic between the client and access point. And this can't it be.

pablo1711 Thu, 04/17/2008 - 16:37
User Badges:

WPA2 is still not universally supported by Windows based clients. Although less secure you could opt for WPA with TKIP to ensure max compatibility. If you are using Unified Wireless you can enable support for both WPA and WPA2 and then you pretty much catch everything.


As Patoberli states above don't even bother with WEP and also ensure that if you are using PSK for WPA or WPA2 that you do not use a dictionary word.


HTH


Paul



Actions

This Discussion

 

 

Trending Topics - Security & Network