Hello David
we did this last month and "secured" PEAP by minimizing the risk in
Windows 7 clients.
We used this guide and it worked very well.
http://www.defenceindepth.net/2010/05/attacking-and-securing-peap.html
We did not use "step 4" because it didn't leave the user ID in our AAA,
they were all "anonymous".
We also studied every operating system that connected to our WIFI and
found out that Windows-7 is just 4%, so we hope this problem will die on
it's own. Windows 10 can use PAP-TTLS, even though that is another deal.
hope it helps.
best regards,
On 7/10/17 3:55 PM, LaPorte, David wrote:
I was wondering if anyone has done a risk/benefit assessment of using EAP-PEAP
in your environment. If so, would you be willing to share? We have a solid
understanding of the security/usability tradeoffs that come with PEAP, but were
hoping to not re-invent the wheel :)
Thanks,
Dave
David LaPorte
[email protected]
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.
--
*Marcelo Maraboli Rosselott*
Subdirector de Redes y Seguridad
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.
