Wireless authentication

erickppp1 · ‎04-16-2008

Hey guys - hope everyone's doing well. A client is looking to move away from using static EAP to some better form of security using Cisco ACS. Unfortunately the laptops belong to students so they don't know what cards or OS they 're running but mostly XP & Vista.

What is the safest bet to choose in terms of protocol that would be most widely supported? I just want to use dynamic WEP and authenticate my users to the network using an internal ACS database

Thank you all

patoberli · ‎04-16-2008

I'd go for WPA2 with AES encryption.

And PEAP as user authentification.

Please note that you need under XP either SP3 or the WPA2 patch from Microsoft found under: http://support.microsoft.com/kb/893357

But then every XP client and also Vista client supports it.

WEP is simply put unsave. You need around 2-3 minutes to crack a WEP key and then sniff all the traffic between the client and access point. And this can't it be.

pablo1711 · ‎04-17-2008

WPA2 is still not universally supported by Windows based clients. Although less secure you could opt for WPA with TKIP to ensure max compatibility. If you are using Unified Wireless you can enable support for both WPA and WPA2 and then you pretty much catch everything.

As Patoberli states above don't even bother with WEP and also ensure that if you are using PSK for WPA or WPA2 that you do not use a dictionary word.

HTH

Paul