Hi Adam, If any other alternative exists, then LEAP should not be used. As you've pointed out, LEAP is vulnerable to known published attacks. Even Cisco recommends (their version of ;-) PEAP. Given the requirements placed upon the AP, LEAP is also effectively constrained to Cisco APs.
For Microsoft devices, the most straight-forward choice is PEAP/MS-CHAPv2. This is a less flexible choice than EAP-TTLS but doesn't require the purchase of any third party software. Some wireless cards now come with EAP-TTLS supplicants but by no means all of them. There are free (for personal use)/cheap (for commercial use) EAP-TTLS clients (e.g. SecureW2) but this does impose an extra administrative burdon on the operator of the network. Some may not feel that the added flexibility of EAP-TTLS is worth the extra administration. Anyway, to get back to your original question, there are almost no circumstances under which LEAP would be the appropriate choice in a production environment. Regards, Guy > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Adam Shelley > Sent: 31 August 2004 21:38 > To: [EMAIL PROTECTED] > Subject: [OT] Should anyone even use LEAP > > > Coates Carter wrote: > > > James, > > > > We have gotten LEAP to work with Cisco access points. My > last posting > > on the subject might help if you haven't gotten there yet... > > > > I was just wondering, would this type of setup still be > vulnerable to this: > > http://asleap.sourceforge.net/ > > Should LEAP be used in any production environment to ensure > security on > wireless links? > > If this is inappropriate to ask, my apologies. > > -Adam > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our network is reserved by us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
