[mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 04, 2007 5:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x With A One-Way Certificate
Yes, if you purchase a commercial cert from one of the CAs whose certs are
included with the OS, all the user has to do
.
Ken
-Original Message-
From: Michael Griego [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 04, 2007 11:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x With A One-Way Certificate
Just be aware that not validating the certificate opens you up to fairly
We are trying to implement a WPA/TKIP Wireless authentication. We are using
ACS Solution Engine which backs into AD for Authentication. We are currently
using WEP.
We are looking for the least amount of client setup to make this change.
Cisco has told us to use the PEAP MSCHAPv2 connection with
Yes. We aren't using the wpa-tkip with acs, but we do use ias (windows)
for radius, we have our clients uncheck the 'Validate Server
Certificate' option and away they go.
http://www.geneseo.edu/CMS/display.php?page=5200dpt=cit
http://www.geneseo.edu/CMS/display.php?page=5198dpt=cit
Rick Coloccia wrote:
Yes. We aren't using the wpa-tkip with acs, but we do use ias (windows)
for radius, we have our clients uncheck the 'Validate Server
Certificate' option
Why? (i.e. why not ensure that the cert is valid?)
Just be aware that not validating the certificate opens you up to
fairly easy session hijacking attacks since anyone can come up with a
cert and get your clients to connect to their APs instead of yours
(since the client is not checking cert validity)... The attacker
would then have
Well, to ensure the cert is valid, a trusted root ca cert must be one
client. We used a locally generated cert for the ias server. We
haven't yet rolled out our local trusted root ca cert. Once it gets out
we won't worry about that exact setting. Until we do, we needed a way
to get
Yes, that liability was indeed considered...
-Rick
Michael Griego wrote:
Just be aware that not validating the certificate opens you up to
fairly easy session hijacking attacks since anyone can come up with a
cert and get your clients to connect to their APs instead of yours
(since the
AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.1x With A One-Way Certificate
We are trying to implement a WPA/TKIP Wireless authentication. We are
using ACS Solution Engine which backs into AD for Authentication. We are
currently using WEP.
We are looking for the least
the client setup as simple as possible but not in a
way that lowers security.
Ken
-Original Message-
From: Michael Griego [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 04, 2007 11:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x With A One-Way Certificate
-LAN] 802.1x With A One-Way Certificate
Here are our instructions. We ask users to check off the appropriate CA and
it works fine for us. No need to manually download or approve anything.
It's worked for us
the client setup as simple as possible but
not in a
way that lowers security.
Ken
-Original Message-
From: Michael Griego [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 04, 2007 11:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x With A One-Way Certificate