Hi All
This thread was running last year, but I'm just wondering if anyone has a
pre-packaged SecureW2 installer (with inf file?) which they could share with
those on the list (or at least me! Haha)?
Cheers
Matt Ashfield
[EMAIL PROTECTED]
-Original Message-
From: Casey, J Bart
We are trying to implement a WPA/TKIP Wireless authentication. We are using
ACS Solution Engine which backs into AD for Authentication. We are currently
using WEP.
We are looking for the least amount of client setup to make this change.
Cisco has told us to use the PEAP MSCHAPv2 connection with
Yes. We aren't using the wpa-tkip with acs, but we do use ias (windows)
for radius, we have our clients uncheck the 'Validate Server
Certificate' option and away they go.
http://www.geneseo.edu/CMS/display.php?page=5200dpt=cit
http://www.geneseo.edu/CMS/display.php?page=5198dpt=cit
Rick Coloccia wrote:
Yes. We aren't using the wpa-tkip with acs, but we do use ias (windows)
for radius, we have our clients uncheck the 'Validate Server
Certificate' option
Why? (i.e. why not ensure that the cert is valid?)
Just be aware that not validating the certificate opens you up to
fairly easy session hijacking attacks since anyone can come up with a
cert and get your clients to connect to their APs instead of yours
(since the client is not checking cert validity)... The attacker
would then have
Well, to ensure the cert is valid, a trusted root ca cert must be on the
client. We used a locally generated cert for the ias server. We
haven't yet rolled out our local trusted root ca cert. Once it gets out
we won't worry about that exact setting. Until we do, we needed a way
to get
Yes, that liability was indeed considered...
-Rick
Michael Griego wrote:
Just be aware that not validating the certificate opens you up to
fairly easy session hijacking attacks since anyone can come up with a
cert and get your clients to connect to their APs instead of yours
(since the
If you get a cert from a well-known CA, the root cert comes with Windows
and other OSs, so it's not a problem to validate it. If you make your own,
then you will have issues.
-Emerson
From: ktaillon [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 04, 2007 11:01
One of the things that I didn't point out is we are running the new LWAPP
APs and controller setup. After I told Cisco about the one-way cert he said
this is ok to run in this setup because the peap tunnel that is created from
the client to the AP and to the ACS/Controller could not be interfered
sorry,
http://www.uoguelph.ca/ccs/internet/getting_connected/wireless/securing_with_wpa.shtml
Lelio Fulgenzi, B.A.
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519)
Yes, if you purchase a commercial cert from one of the CAs whose
certs are included with the OS, all the user has to do is:
a) pick your certificate's CA from the list in the PEAP setup
b) enter your certificate's CommonName in the server list
The user does not have to download anything.
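
The two client-side settings listed in the message above (a trusted CA plus the expected server name) can be checked mechanically. The following is an added example, not part of the thread: a Python audit of a wpa_supplicant configuration, used here as an assumed stand-in for the Windows/SecureW2 clients discussed. The sample config, SSIDs, file paths and server name are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf with three PEAP/MSCHAPv2 networks.
SAMPLE_CONF = '''
network={
    ssid="campus-novalidate"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="campus-ca-only"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-root.pem"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="campus-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-root.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
'''

# wpa_supplicant options that tie the server certificate to an expected name.
NAME_CHECKS = ("domain_match", "domain_suffix_match", "subject_match", "altsubject_match")

def audit(conf_text):
    """Return {ssid: [findings]} for every EAP network block in conf_text."""
    report = {}
    for block in re.findall(r"network\s*=\s*\{(.*?)\n\}", conf_text, re.S):
        kv = dict(re.findall(r'^\s*(\w+)\s*=\s*"?([^"\n]*)"?\s*$', block, re.M))
        if "eap" not in kv:
            continue  # PSK or open network: no server certificate involved
        findings = []
        if "ca_cert" not in kv and "ca_path" not in kv:
            findings.append("no trusted CA: any server certificate is accepted")
        if not any(k in kv for k in NAME_CHECKS):
            findings.append("no server name check: any cert from the CA is accepted")
        report[kv.get("ssid", "?")] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF).items():
        print(ssid, "OK" if not findings else findings)
```

The second finding matters most with a commercial CA: pinning only the CA still accepts any certificate that CA has issued to anyone, which is why the server name is entered as well.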