PaulDotCom mailing list archives
Re: Auditing WPA/WPA2 wifi networks
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Mon, 11 Mar 2013 10:34:12 +0000
My answers inline.
On Sat, Mar 9, 2013 at 10:40 PM, Robert Portvliet <robert.portvliet () gmail com> wrote:
> So, your main concern with EAP-TLS is the security of the client side certificates. The types of MITM attacks that PEAP and EAP-TTLS are vulnerable to (FreeRadius-WPE) don't come into play. The attacker will have to actually obtain one of the client's certificates to gain access to the network.
That's one of the options that we want to test.
> However, on that note, when you say external users (on this 3rd AP), I took that to mean non-employee users.
Correct.
> If you don't mind me asking, how are you planning to manage using EAP-TLS with them? (due to the requirement for a client side cert) (or did I completely misunderstand?).
You've understood correctly. The idea is to use the most secure EAP possible (we had thought of EAP-TLS, but we can change it) or at least, detect and mitigate its consequences.
> My thought about the servers though, if they are in fact accessed by employees and non-employees, is to keep in mind that they could be a possible jump off point into your internal network if compromised. It might pay to put them in some kind of segregated DMZ type environment.
Sure. We have segregated all possible accessed servers by non-employees, but there are other internal servers that they need access to.