04-16-2008 05:58 AM - edited 07-03-2021 03:44 PM
Hey guys - hope everyone's doing well. A client is looking to move away from using static EAP to some better form of security using Cisco ACS. Unfortunately the laptops belong to students so they don't know what cards or OS they 're running but mostly XP & Vista.
What is the safest bet to choose in terms of protocol that would be most widely supported? I just want to use dynamic WEP and authenticate my users to the network using an internal ACS database
Thank you all
04-16-2008 06:47 AM
I'd go for WPA2 with AES encryption.
And PEAP as user authentification.
Please note that you need under XP either SP3 or the WPA2 patch from Microsoft found under: http://support.microsoft.com/kb/893357
But then every XP client and also Vista client supports it.
WEP is simply put unsave. You need around 2-3 minutes to crack a WEP key and then sniff all the traffic between the client and access point. And this can't it be.
04-17-2008 04:37 PM
WPA2 is still not universally supported by Windows based clients. Although less secure you could opt for WPA with TKIP to ensure max compatibility. If you are using Unified Wireless you can enable support for both WPA and WPA2 and then you pretty much catch everything.
As Patoberli states above don't even bother with WEP and also ensure that if you are using PSK for WPA or WPA2 that you do not use a dictionary word.
HTH
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide