If I am not mistaken, the 802.11n standard requires CCMP/AES if encryption is to be used at all. Hence, users are being bumped off the 11n rates when they use TKIP.
We are also exploring our options for deploying 802.1X/EAP in our current wireless environment and we considered using EAP-PEAP so that Windows users could use the native supplicant. The problem with this is that the Windows supplicant sends the username in the clear in the outer tunnel during the first stages of authentication. Because of this we are now considering using EAP-TTLS with a third-party supplicant in order to provide that extra layer of security.

Diana Cortes, CISSP, CWNA
University of Miami
IT - Telecommunications

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Voll, Toivo
Sent: Wednesday, December 23, 2009 6:37 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] Encryption and Authentication

Your choices may be limited if you plan to run 802.11n. At least Cisco reads the specs as mandating that you must do WPA2 / AES on 802.11n, other types (TKIP, WPA) will bump you off 802.11n rates.

Also consider what your user population is. XP may need a hotfix applied to do WPA2. A lot of older systems, WVoIP phones, barcode scanners, Crestron-type room controls etc. may be limited to WEP or WPA.

--
Toivo Voll
Network Administrator
Information Technology Communications
University of South Florida

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of David Blahut
Sent: Wednesday, December 23, 2009 14:25
To: [email protected]
Subject: [WIRELESS-LAN] Encryption and Authentication

Greetings,

We are beginning to deploy encrypted wireless and I am looking for some words of wisdom. Mainly what method you used and what reasons as to why you chose said method or any reason you wish you had not. We have looked at many of the different flavors of EAP but are unsure of any clear advantage of one over the other. We are a Cisco LWAPP shop with Cisco ACS playing the role of RADIUS with open LDAP in the back-end.

Any advice would be helpful; anything to look out for, any gotchas, any show stoppers, and any success stories.

Thanks,
David

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
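
The first message above raises the concern that the supplicant sends the real username in the clear in the outer EAP identity. As an added example (not from the thread or from any vendor), this Python code parses an EAP-Response/Identity packet in the RFC 3748 layout and flags an outer identity that exposes a username. The sample identities, the helper names, and the rule that only an empty or "anonymous" user part counts as private are assumptions.

```python
import struct
from typing import Optional

EAP_RESPONSE = 2       # EAP Code field (RFC 3748, section 4)
EAP_TYPE_IDENTITY = 1  # EAP Type field (RFC 3748, section 5.1)

def build_identity_response(identifier: int, identity: str) -> bytes:
    """Build a constructed EAP-Response/Identity packet for testing."""
    data = identity.encode("utf-8")
    return struct.pack("!BBHB", EAP_RESPONSE, identifier, 5 + len(data),
                       EAP_TYPE_IDENTITY) + data

def parse_eap_identity(packet: bytes) -> Optional[str]:
    """Return the identity from an EAP-Response/Identity, or None for other EAP."""
    if len(packet) < 5:
        return None
    code, _identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        return None
    if length < 5 or length > len(packet):
        raise ValueError("EAP Length field does not match the captured bytes")
    # Slice by the Length field so trailing padding is ignored.
    return packet[5:length].decode("utf-8", errors="replace")

def outer_identity_exposes_user(identity: str) -> bool:
    """Assumed policy: only an empty or 'anonymous' user part is private."""
    user = identity.rsplit("@", 1)[0] if "@" in identity else identity
    return user.lower() not in ("", "anonymous")

if __name__ == "__main__":
    # Constructed samples; example.edu and jdoe are placeholders.
    for name in ("jdoe@example.edu", "anonymous@example.edu", "@example.edu"):
        pkt = build_identity_response(1, name)
        ident = parse_eap_identity(pkt)
        verdict = "EXPOSED" if outer_identity_exposes_user(ident) else "private"
        print(f"{ident!r:28} {verdict}")
```

Run against identities taken from RADIUS accounting or a lab capture, this gives a quick check of whether a supplicant profile is actually sending an anonymous outer identity.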
