Is this enough security?

Answered Question
Dec 10th, 2008
User Badges:

Hello,


I have currently setup a 2106 controller with 1100 series AP's the authentication is done via radius and IAS. The certificate is installed on the domain laptops and when I connect wireless it shows up as WPA2 (Peap). As I take it you need the certificate and domain credentials and dial in access to access the network. Is there anything to worry about with this setup or is this strong enough security.


Thanks.

Correct Answer by dennischolmes about 8 years 4 months ago

This should suffice for most normal networks. It may not be FIPS compliant but it is pretty stout.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
dennischolmes Wed, 12/10/2008 - 15:01
User Badges:
  • Gold, 750 points or more

This should suffice for most normal networks. It may not be FIPS compliant but it is pretty stout.

Joshua Engels Thu, 10/17/2013 - 12:14
User Badges:

"As I take it you need the certificate and the domain credentials.........."


Actually this is incorrect and easy to misunderstand.  Authentication with PEAP only requires a Server side certificate.  It does not require that a supplicant (Laptop/ipad etc) have a certficate to connect. 


All the certificate is there for is so that the supplicant does not connect to a rogue AP.  If the supplicant does not  wish to validate the Server certificate, it WILL be able to connect with just domain user id and password.  The only protection you have from allowing someone to connect to your network using PEAP is whatever form of Radius you are using in this case.  Server side certificates DO NOT protect access.  An easy test is to use your iphone to connect and deselect "validate" certificate and just enter your user id and password and you will connect.


Feel free to contact me if you need more info.

Joshua Engels Thu, 10/17/2013 - 12:17
User Badges:

Another way to understand that you do not need a certificate on the laptop is with a Windows system under the PEAP Properties, uncheck "validate server certificate".  You will connect right up.

Actions

This Discussion

 

 

Trending Topics - Security & Network