> Hello, > > It's not specially a question about freeradius but for > for experts like you in 802.1x ;) > > I read this document http://www.cs.umd.edu/~waa/1x.pdf > It said that 802.1x has a flaw : man in the middle attack > Does it true or is the document deprecated ? > > I have another question : > Considering security what is better : > freeradius + EAP/TLS ? > |-------> WPA ? > |-------> 802.1X ? > freeradius + EAP/TTLS ? > freeradius + PPTP ?--I never study this one.
Hi, The more secure actually is WPA+802.1x-EAP/TLS, but there's disadvantage to use this method because you need PKI. And yes, it is weak versus man in the middle attack because , there isn't protection on control trafic, then it's possible to cause DOS...but I think, it isn't so easy to do!! WPA is a transition standard : In the new standard 802.11i, there's an EAP preauthentication before association with acces point to resolve this problem and it use AES to cypher wich is more secure than RC4. But it's new and it could change again. Fred.EVRARD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
