The flaw in WPA2 doesn’t put accounts at risk since that is done with EAP over an encrypted TLS tunnel. It it the access to the network and the encryption over the air for the regular internet traffic that can be tempered with.
Philippe www.anyroam.net > On Oct 17, 2017, at 4:49 AM, Osborne, Bruce W (Network Operations) > <bosbo...@liberty.edu> wrote: > > No, the solution is EAP-TLS with individual device certificates. > > > > > Bruce Osborne > Senior Network Engineer > Network Operations - Wireless > (434) 592-4229 > > LIBERTY UNIVERSITY > > Training Champions for Christ since 1971 > > > From: Tim Tyler [mailto:ty...@beloit.edu] > Sent: Monday, October 16, 2017 9:57 AM > Subject: Re: Big flaw in WPA2 > > This brings up an issue where I have philosophically wondered if mac address > authentication isn’t better than 802.11x (wpa2). The reason isn’t because it > guards the network better. But if one does get hacked at the point of > accessing the network, the consequences are way less. One isn’t giving a way > the keys to their other accounts. I know some institutions do use mac > address authentication as their primary access method. It is difficult for > institutions that can’t afford pricey on-boarding solutions to manage > certificate lock downs. Hence, man in the middle attacks become prevalent > as well. > We already use mac address authentication for devices that won’t support > 802.1x. I keep wondering now if I shouldn’t make that our primary solution > someday. I am curious as to what others think. > > Tim > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H > Sent: Monday, October 16, 2017 6:51 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] Big flaw in WPA2 > > > https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ > > Ryan Turner > Manager of Network Operations, ITS > The University of North Carolina at Chapel Hill > +1 919 274 7926 Mobile > +1 919 445 0113 Office > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
