Hello,
I have set up a small network where I am using PEAP in a Microsoft-centric environment as the authentication method for my wireless LAN. I want to know which steps I need to take to secure my deployment. Does anyone know about this? Any suggestions?
PEAP is a common authentication option for wireless networks, and is widely adopted by Microsoft-centric organizations due to native client support in Windows XP and unused Vista. Disable EAP types on the RADIUS server. If your organization uses PEAP as its single authentication mechanism, ensure that PEAP is the only authorized EAP type. Use a trusted certificate for RADIUS server authentication. The RADIUS server must be configured with a digital certificate that is signed by a certification authority (CA), using a private or a public CA.
PEAP can be a strong authentication choice for wireless local area network environments if organizations follow a few steps to ensure the integrity of the deployment. Securing Wireless LANs with PEAP and Passwords is a companion guide to another Microsoft Solution Accelerator for WLANs: Securing Wireless LANs with Certificate Services, which is designed for larger organizations. This accelerator is much simpler and easier to deploy, and is designed for small and medium organizations. The main technological difference between the two accelerators is that it uses public key certificates to authenticate users and computers to the WLAN while the names of other users and uses of the word authentication. Validate the server certificate on all clients. All PEAP clients must validate the server certificate for authentication. Not validating the server certificate compromises the integrity of the PEAP exchange.
The Protected Extensible Authentication Protocol (PEAP) uses the RADIUS protocol and is easily integrated with Microsoft Active Directory using Microsoft Internet Authentication Service to validate the user or machine identification. This allows the authentication process between the wireless client and the authentication server, typically a RADIUS server, to be fully encrypted. It also uses a signed server certificate that allows the client to verify the identity of the remote server before sending credentials, reducing the risk of diversion of usernames and passwords. The Windows XP PEAP supplicant will accept any trusted digital certificate for authentication, allowing an attacker to impersonate the legitimate RADIUS server if the signing authority was also approved. To alleviate this problem, configure the PEAP supplicant to identify authorized RADIUS servers by selecting the "Connect to these servers" option. Provide the name of the RADIUS server that matches the name found on the server certificate.
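
The client-side checks described in the replies above (PEAP as the EAP type, server certificate validation, a pinned RADIUS server name) can be audited from a saved wireless profile. This is an added example, not part of the original thread: it assumes a profile in the XML form written by `netsh wlan export profile` on Windows Vista or later, and the sample profiles, server name and CA thumbprint in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = "http://www.microsoft.com/provisioning/"
# Constructed sample: only the EAP part of an exported WLAN profile is modelled.
TEMPLATE = """<EapHostConfig xmlns="{ns}EapHostConfig"><Config>
 <Eap xmlns="{ns}BaseEapConnectionPropertiesV1"><Type>{eap_type}</Type>
  <EapType xmlns="{ns}MsPeapConnectionPropertiesV1">
   <ServerValidation>
    <ServerNames>{names}</ServerNames>
    <TrustedRootCA>{root_ca}</TrustedRootCA>
   </ServerValidation>
   <PeapExtensions>
    <PerformServerValidation xmlns="{ns}MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
   </PeapExtensions>
  </EapType>
 </Eap></Config></EapHostConfig>"""

# Weak: validation off, no server name, no CA. Hardened: all three set.
WEAK = TEMPLATE.format(ns=NS, eap_type=25, names="", root_ca="", validate="false")
HARDENED = TEMPLATE.format(ns=NS, eap_type=25, names="radius.example.test",
                           root_ca="00 11 22 (placeholder thumbprint)",
                           validate="true")

def audit_peap_profile(xml_text):
    """Return a list of findings for the PEAP settings in a profile."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        # Match on the local element name so the namespaces do not matter.
        name = el.tag.rsplit("}", 1)[-1]
        found.setdefault(name, []).append((el.text or "").strip())
    issues = []
    # EAP type 25 is PEAP; the outer method is the first Type element.
    if found.get("Type", [""])[0] != "25":
        issues.append("outer EAP type is not PEAP (25)")
    if "false" in [v.lower() for v in found.get("PerformServerValidation", [])]:
        issues.append("server certificate validation is disabled")
    if not any(found.get("ServerNames", [])):
        issues.append("no RADIUS server name set (Connect to these servers)")
    if not any(found.get("TrustedRootCA", [])):
        issues.append("no trusted root CA selected")
    return issues

if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_peap_profile(profile) or "no findings")
```
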