Hi All,
We’ve been getting more than a few reports of student machines running macOS
Catalina (varying sub versions of 10.15) experiencing seemingly random crashes
of Google Chrome (version 84) since their return to campus in the last two
weeks, but only when connected to our eduroam network. T
] Big flaw in WPA2
SMALL Update about Cisco Client workaround:
* Troubleshooting
TechNotes<https://www.cisco.com/c/en/us/tech/wireless-2f-mobility/wireless-lan-wlan/tsd-technology-support-troubleshooting-technotes-list.html>
Wireless KRACK attack client side workaround and detection
|
From: wireless-lan on behalf of Gertjan
Scharloo
Reply-To: wireless-lan
Date: Friday, 27 October 2017 at 09:49
To: wireless-lan
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
Hi folks,
In a Cisco environment there is a workaround for the client vulnerability :
Workaround for CVE
ile/g.scharloo
twitter : wireless_kid
Beschikbaar : Ma | - | Wo | Do | Vr |
From: wireless-lan on behalf of Jake
Snyder
Reply-To: wireless-lan
Date: Thursday, 19 October 2017 at 15:24
To: wireless-lan
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
You have more faith in the WFA tha
practically all vendors chose a poor, insecure design. The only claw in WPA2
> was vagueness in the specification. I understand the Wi-Fi Alliance is
> working on remedying that as well as specifically testing for KRACK in its
> certification testing.
>
> Since many implementat
The specification, like many, was vague in implementation details and
practically all vendors chose a poor, insecure design. The only claw in WPA2
was vagueness in the specification. I understand the Wi-Fi Alliance is working
on remedying that as well as specifically testing for KRACK in its
celo Maraboli
Sent: Wednesday, October 18, 2017 11:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
if it were a Design Flaw, no patch can fix it we would need to upgrade to
WPA3 or something.
the fact that there is patch going on, is that either eve
*Sent:* Monday, October 16, 2017 1:58 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Big flaw in WPA2
If this is a flaw in the design of the WPA2 protocol isn’t the fix
going to need to be made on both sides of the communication link?
Access points will all need to
FYI,
As it seems relevant here, below is excerpted from 'Cloudpath FAQ Security
Advisory 10-16-17_v2', which posted yesterday.
Best,
Rich
-=-=-=-=-=
How can Cloudpath help?
While this issue is severe and must be remediated, please note that there are
much easier ways to compromise the network.
The flaw in WPA2 doesn’t put accounts at risk since that is done with EAP over
an encrypted TLS tunnel. It it the access to the network and the encryption
over the air for the regular internet traffic that can be tempered with.
Philippe
www.anyroam.net
> On Oct 17, 2017, at 4:49 AM, Osbo
:* Tim Tyler [mailto:ty...@beloit.edu]
> *Sent:* Monday, October 16, 2017 9:57 AM
> *Subject:* Re: Big flaw in WPA2
>
>
>
> This brings up an issue where I have philosophically wondered if mac
> address authentication isn’t better than 802.11x (wpa2). The reason isn’t
> becau
Subject: Re: Big flaw in WPA2
This brings up an issue where I have philosophically wondered if mac address
authentication isn’t better than 802.11x (wpa2). The reason isn’t because it
guards the network better. But if one does get hacked at the point of
accessing the network, the consequences are
gt; be - as a University. They are:
> Community – Access – Diversity – Respect – Entrepreneurship
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Richard Nedwich
> Sent:
CAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Richard Nedwich
Sent: Monday, October 16, 2017 5:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
Ruckus has posted an official response in a Blog Post
Ruckus has posted an official response in a Blog Post here:
https://theruckusroom.ruckuswireless.com/wi-fi/2017/10/16/commonsense-approach-uncommon-problem/
Further, please find a Cloudpath KB article on the Ruckus support site here:
https://support.ruckuswireless.com/documents/2039-faq-security
--Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Anderson
Sent: Monday, October 16, 2017 3:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
It isn't a d
: [WIRELESS-LAN] Big flaw in WPA2
If this is a flaw in the design of the WPA2 protocol isn't the fix going to
need to be made on both sides of the communication link? Access points will
all need to be updated but also all client wifi drivers are going to need to be
updated on all wifi enabled de
behalf of Mike Cunningham
Sent: Monday, October 16, 2017 2:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
If this is a flaw in the design of the WPA2 protocol isn’t the fix going to
need to be made on both sides of the communication link? Access points wi
edu<mailto:steve.belc...@mail.wvu.edu>
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Chuck Anderson
Sent: Monday, October 16, 2017 3:07:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
I
-1.pdf
On Mon, Oct 16, 2017 at 06:57:57PM +, Mike Cunningham wrote:
> If this is a flaw in the design of the WPA2 protocol isn't the fix going to
> need to be made on both sides of the communication link? Access points will
> all need to be updated but also all client wifi driv
If this is a flaw in the design of the WPA2 protocol isn't the fix going to
need to be made on both sides of the communication link? Access points will
all need to be updated but also all client wifi drivers are going to need to be
updated on all wifi enabled devices that support WPA2,
bject: Re: [WIRELESS-LAN] Big flaw in WPA2
Ruckus is providing a response today.
**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.
**
Participation and subscription information for this
Ruckus is providing a response today.
**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.
Very bad idea. You are trading encryption for something that I could spoof in
no time and be on your network faster than it would take for me to read about
the wpa2 compromise.
> On Oct 16, 2017, at 9:56 AM, Tim Tyler wrote:
>
> This brings up an issue where I have philosophically
SE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
Cisco said they will release an official statement today.
Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.
Sent from an Android
On Oct 16, 2017 17:10, "Norton, Thomas (Network Operations)"
mailto:tnort...@liberty.edu>
ents/aruba/unified-wired-wireless-access/74698/1/WPA2%20Vulnerability%20IDS%20feature.pdf
T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless
(434) 592-6552
[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]
Liberty University | Training Champions
For Aruba folks:
http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74698/1/WPA2%20Vulnerability%20IDS%20feature.pdf
T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless
(434) 592-6552
[http://www.liberty.edu/media/1616
This brings up an issue where I have philosophically wondered if mac
address authentication isn’t better than 802.11x (wpa2). The reason isn’t
because it guards the network better. But if one does get hacked at the
point of accessing the network, the consequences are way less. One isn’t
giving
ituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norton, Thomas
(Network Operations)
Sent: Monday, October 16, 2017 8:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
So basically those are work around as in the interim, so
SE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
Let the panic begin.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WI
ld not be used.
TJ McClintic
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2
Let the pani
Let the panic begin.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2
https
t since 1971
On Oct 16, 2017, at 7:53 AM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/<https://na01.safelinks.protection.outlook.com/?url=https%3A
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
**
Participation
Hi Tristan,
According to eduroam Compliance Statement:
B.3. eduroam SPs IEEE 802.11 wireless networks MUST support WPA2+AES,
and MAY additionally support WPA/TKIP as a courtesy to users of legacy
hardware. Exceptionally, an SP established before January 1, 2012, MAY
support only WPA/TKIP but
Hi all,
We currently support WPA+TKIP for legacy clients as well as WPA2+AES which is
almost every device on the network.
We also include Windows profiles in our SOE to connect to eduroam using
WPA+TKIP should WPA2+AES not be supported.
Most of these configurations are legacy.
Are we at a
Hello,
Wondering if anyone has come across a 802.1x capable Wi-Fi thermostat.
Preferably from Honeywell. ...Still trying to avoid the PSK here whenever
possible. Let me know.
Thanks,
Curtis Larsen
University of Utah
**
Participation and subscription information for this EDUCAUSE C
25, 2014 7:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent
SSIDs Aruba 6.3
I'm doing nothing to steer devices to 5ghz. Most clients do a good job today
(especially apple devices) of finding and staying on 5ghz. Looking
ot; ]; then
echo "Exiting..."
exit 0
fi
fi
fi
sudo sysctl -w net.link.ether.inet.arp_unicast_lim=0 > /dev/null 2>&1
echo "net.link.ether.inet.arp_unicast_lim=0" | sudo tee -a /etc/sysctl.conf
> /dev/null 2>&1
sudo chown root:w
r 25, 2014 7:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Reply To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and
WPA2-Ent SSIDs Aruba 6.3
We saw a lot of the same. The ARP cache bug (since we run GLBP on the
gateways) has killed
Danny Eaton
Sent: Thursday, September 25, 2014 7:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Reply To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent
SSIDs Aruba 6.3
We saw a lot of the same. The ARP cache bug (sin
We saw a lot of the same. The ARP cache bug (since we run GLBP on the
gateways) has killed us too.
Original message From: Jeffrey Sessler
Date:25/09/2014 16:40 (GMT-06:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re:
[WIRELESS-LAN] Apple devices dropping on WPA2
rom: Jeffrey Sessler
Sent: Thursday, September 25, 2014 6:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Reply To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and
WPA2-Ent SSIDs Aruba 6.3
We noticed that our WLAN with band/lo
] Apple devices dropping on WPA2-PSK and WPA2-Ent
SSIDs Aruba 6.3
We noticed that our WLAN with band/load-steering enabled had a high report rate
of Macintosh connectivity issues, and the WLAN that did not was trouble free.
I suspect what was happening was this: Mac would initially associate
We noticed that our WLAN with band/load-steering enabled had a high
report rate of Macintosh connectivity issues, and the WLAN that did not
was trouble free.
I suspect what was happening was this: Mac would initially associate
(Ent-WPA2), then the controller would force it to move to another
et-period 3
timer wpa-key-period 2000
timer wpa2-key-delay 100
timer wpa-groupkey-delay 100
wpa-key-retries 2
!
Bruce Osborne
Network Engineer - Wireless Team
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Turner, Ryan H [
On Wed, 24 Sep 2014, Derek Johnson wrote:
> I wonder how Apple's corporate wifi is set up. Surely Apple engineers
> roam on their own campus network and would have noticed these things...?
I thought there was some doubt over whether Apple engineers were living in
the same real world that everyo
EDUCAUSE Wireless Issues Constituent Group Listserv
> Date: 09/24/2014 07:08PM
> Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent
> SSIDs Aruba 6.3
>
> Cisco here but we have had plenty of issues with Mac OS. Spent some time with
> TAC recently seei
14 07:08PMSubject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3Cisco here but we have had plenty of issues with Mac OS. Spent some time with TAC recently seeing what we can do about it with no real fix. Our EAP timers had
gotten a bit out of whack, and adju
%3cmailto:jason.c...@adelaide.edu.au>>
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Derek Johnson
Sent: Thursday, 25 September 2014 1:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple device
k Johnson
Sent: Wednesday, September 24, 2014 12:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent
SSIDs Aruba 6.3
Likewise, I see the same "Ptk Challenge Failed" errors show up in logs.
Sometimes I've seen it
TE UNIVERSITY
415 Lyman Dr. TH 101, Hays, KS 67601
(785) 628 - 5688 | djohn...@fhsu.edu
From: "Wang, Yu"
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: 09/24/2014 10:19 AM
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and
WPA2-Ent SSIDs Aruba 6.3
Se
We’ve had some success with this problem on our WPA2-Enterprise SSID by
configuring the laptop to always trust the wireless certificate. This setting
can be found in your keychain. Look for your wireless cert in keychain access
and set the trust setting to “Always Trust”. This isn’t the
UCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, September 24, 2014 10:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs
Aruba 6.3
We've had complaints for a while that would come in sporadically, but didn't
n that our secure SSID (our
primary EAP-TLS WPA2-Ent SSID) was not stable. It was always from Apple users.
Recently, however, one of our employees with an Apple running OSX (Yosemite)
started to have the problem routinely on our PSK SSID. When I turned on
debugging in the logs, the following m
If you run v6 network, is not issue.
-Original Message-
From: Dan Brisson [dbris...@uvm.edu]
Received: Thursday, 28 Aug 2014, 17:13
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: Re: [WIRELESS-LAN] mac OSx 10.9 wpa2 enterprise connection issues
It
* Thursday, August 28, 2014 1:59 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] mac OSx 10.9 wpa2 enterprise connection
issues
In general I have seen this on various versions of OS X.
First thing I try is disable IPv6. I have also had to delete the
Airport interface
I second the IPv6 disabling.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walter Reynolds
Sent: Thursday, August 28, 2014 1:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] mac OSx 10.9 wpa2
Michigan
(734) 615-9438
On Thu, Aug 28, 2014 at 1:11 PM, Muraca, Peppino P.
wrote:
> Hi , has anyone else seen issues using wpa2 enterprise wireless where a
> Macbook OSX 10.9.X will authenticate but it will not pull a dhcp address,
> I have read that this was an issue with 10.6 snow leo
Hi , has anyone else seen issues using wpa2 enterprise wireless where a Macbook
OSX 10.9.X will authenticate but it will not pull a dhcp address, I have read
that this was an issue with 10.6 snow leopard, but I am seeing the same issue
with 10.9 . I have some machines connect no problem but I
If I ever invent an IT drinking game, it's going to include at least one shot
for every time a wifi vulnerability fails to mention if it applies to PSK, 1x,
or both.
Frank Sweetser fs at wpi.edu| For every problem, there is a solution that
Manager of Network Operations | is simple, eleg
I saw he covered it in his Podcast this morning, but I didn't have the 90
minutes to listen to it to find where he mentioned it.
I did see his twitter comment that it read like a student with a Term paper
due.
Mike
On Wed, Mar 26, 2014 at 12:46 PM, Mike Albano wrote:
> Steve Gibson bought the
Steve Gibson bought the paper and went through it. Long story short: "news
flash -- weak PSK's can be brute-forced".
Nothing new at all.
Mike Albano
On Sat, Mar 22, 2014 at 3:39 AM, Ryan McLeod wrote:
> I will be out of the office until Monday March 31st. Please direct all
> tech needs to t
I will be out of the office until Monday March 31st. Please direct all
tech needs to the Tech Helpdesk. Thank you!
GO BEYOND!
Founded in 1821, New Hampton School is a coeducational, independent,
college preparatory boarding and day school for students in grades 9-12
and postgraduate.
www.newhampt
Everybody here should be using WPA2-Enterprise anyway, not WPA2-Personal with a
preshared key.
Bruce Osborne
Network Engineer - Wireless Team
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Mike King [mailto:m...@mpking.com]
Sent: Friday
So I saw this:
http://m.phys.org/news/2014-03-wpa2-wireless.html#jCp
It's pretty light on details. Makes you pay to see the paper. The blurb,
lead me to think they've exploited TKIP, NOT AES. Anyone heard more details?
**
Participation and subscription information for thi
t: Re: [WIRELESS-LAN] loadbalacing WPA2 802.1X traffic between controller
and radius servers
Interesting.
It does appear that there are issues cascading RADIATOR servers using
because the RADIUS "State" attribute used to track the
EAP conversations gets mangled as the message progresses through
gt;>
>>
>>
>>
>>
>>
>> --
>> Neil Johnson
>> Network Engineer
>> The University of Iowa
>> Phone: +1 319 384-0938
>> Fax: +1 319 335-2951
>> E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>
>>
2, 2013 1:46 AM
To:
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>"
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] loadbalacing WPA2 802.1X traffic between controller and
radius servers
Hello,
Any WLAN colleagues are using a
]
Sent: Friday, November 22, 2013 2:46 AM
Subject: loadbalacing WPA2 802.1X traffic between controller and radius servers
Hello,
Any WLAN colleagues are using a loadbalacer to scale-out the auth (EAP) traffic?
Currently we use Radiator with frontend and multiple backend processes which
works fine
Hello,
Any WLAN colleagues are using a loadbalacer to scale-out the auth (EAP) traffic?
Currently we use Radiator with frontend and multiple backend processes which
works fine.
Wondering if loadbalancers can keep track of the state of an EAP authentication
At peek times we have 12K concurrent Wi-
running Ubuntu
> 12.04, Precise Pangolin, getting connected to WPA2 protected networks? I
> have reports of four students with this version of Linux not getting
> connected to our WPA2 Enterprise (802.1x) or the WPA2 Personal/preshared key
> wireless networks but they can connect to the ope
Hello folks,
I am wondering if anyone else is seeing a problem with laptops running Ubuntu
12.04, Precise Pangolin, getting connected to WPA2 protected networks? I have
reports of four students with this version of Linux not getting connected to
our WPA2 Enterprise (802.1x) or the WPA2
reless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Aaron Smith
> Sent: Wednesday, September 04, 2013 2:38 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Anyone seeing problems with Ubuntu 12.04
> using WP
- Original Message -
From: "Chris Hart"
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, September 4, 2013 3:59:33 PM
Subject: Re: [WIRELESS-LAN] Anyone seeing problems with Ubuntu 12.04 using WPA2
protected networks?
We had a similar issue with Aruba 6.2.1.1 - The differenc
To add to what Philippe said, WPA2-PSK is officially called WPA2-Personal. It
is meant for home use where there is no authentication infrastructure.
The WPA2-Enterprise system requires an 802.1X authentication infrastructure for
support and it offers higher security than WPA2-Personal
Jason,
There is an assumption in my answer that I forgot to mention:
One can decrypt the traffic of another user with WPA2-PSK if one knows the
passphrase of that particular WPA2-PSK network.
This doesn't mean that WPA2-PSK is broken, but that in a large environment
where everyone know
o: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Is it possible to crack a WPA2 Enterprise network
Jason,
Your subject mentions WPA2-enterprise, and the body of your text mentions PSK.
If you move your infrastructure
Jason,
Your subject mentions WPA2-enterprise, and the body of your text mentions PSK.
If you move your infrastructure to WPA2-PSK, yes if someone watches the 4 way
handshake they can get the key between AP and device for
all people on the WPA2-PSK network.
With WPA2-enterprise it is more
We planned to move to a psk ssid but have heard that it is possible to decrypt this traffic if you have the key and watch the 4 way handshake to get the key between the ap and device.
Has anyone run into this or been able to do this?
**
Participation and subscription informati
Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: John McMillan [mailto:jmcmil...@southalabama.edu]
Sent: Wednesday, April 17, 2013 9:54 AM
Subject: Re: Verifying or Validating Server Certificate when using WPA/WPA2 and
8021x WLAN
We use a public CA
:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ian McDonald
*Sent:* Wednesday, April 17, 2013 9:13 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Verifying or Validating Server Certificate
when using WPA/WPA2 and 8021x WLAN
Don’t you use a .mobileconfig file?
--
ian
ating Server Certificate when
using WPA/WPA2 and 8021x WLAN
We use a public CA, but the default configuration for PEAP on windows is to
verify the certificate and not trust any CA. As part of our client
configuration guide we have them scroll through the CA list and select it as
trusted. Our
when using WPA/WPA2 and 8021x WLAN
Assuming PEAPv0 is used, this is expected behavior when you're using a
private PKI (Microsoft CA for example) as the client won't trust the
private CA unless you've used a method to get the private PKI root
certificate to the client.
In enterpri
gt; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
> *Sent:* Tuesday, April 16, 2013 8:38 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Verifying or Validating Server Certificate
> when using WPA/WPA2 and 8021x WLAN
>
> ** **
>
&g
el
*Sent:* Wednesday, 17 April 2013 4:11 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Verifying or Validating Server
Certificate when using WPA/WPA2 and 8021x WLAN
Thanks Lee. I am going to take a look at Cloudpath.
mike
*/Michael M. Williams/*
Network Syste
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Verifying or Validating Server Certificate when
using WPA/WPA2 and 8021x WLAN
Vote 2 for cloudpath, we have found the software to be extremely helpful in
configuring, updating and troubleshooting clients.
As already stated this is ex
ailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Mr.
Michael
Sent: Wednesday, 17 April 2013 4:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Verifying or Validating Server Certificate when
using WPA/WPA2 and 8021x WLAN
Thanks Lee. I am going to
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, April 16, 2013 8:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Verifying or Validating Server Certificate when
using WPA/WPA2 and
rver Certificate when using WPA/WPA2 and
8021x WLAN
Our wireless network consists of a two Cisco wireless controller, 240 APs and
we use Cisco ACS 5.2 as our RADIUS server. One of our wireless networks is
configured to use WPA/WPA2 with 802.1x and PEAP w/ MSCHAP v2. After updating
the server certifi
Tim Cappalli
[cappa...@brandeis.edu]
Sent: Tuesday, April 16, 2013 9:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Verifying or Validating Server Certificate when
using WPA/WPA2 and 8021x WLAN
This is definitely normal behavior. The only way to get around this would
Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Bohrer
Sent: Monday, April 15, 2013 11:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Verifying or Validating Server Certificate when
using WPA/WPA2 and 8021x WLAN
s, Mr. Michael <
mmwilli...@tarleton.edu> wrote:
> Our wireless network consists of a two Cisco wireless controller, 240 APs
> and we use Cisco ACS 5.2 as our RADIUS server. One of our wireless
> networks is configured to use WPA/WPA2 with 802.1x and PEAP w/ MSCHAP v2.
> Af
On Apr 15, 2013, at 11:34 AM, "Williams, Mr. Michael"
wrote:
> One of our wireless networks is configured to use WPA/WPA2 with 802.1x and
> PEAP w/ MSCHAP v2. After updating the server certificate on the ACS, our
> wireless users were asked to verify or validate the
On Apr 15, 2013, at 10:34 , "Williams, Mr. Michael"
wrote:
>
> ne of our wireless networks is configured to use WPA/WPA2 with 802.1x and
> PEAP w/ MSCHAP v2. After updating the server certificate on the ACS, our
> wireless users were asked to verify or validate the ser
ifying or Validating Server Certificate when using
WPA/WPA2 and 8021x WLAN
Our wireless network consists of a two Cisco wireless controller, 240 APs and
we use Cisco ACS 5.2 as our RADIUS server. One of our wireless networks is
configured to use WPA/WPA2 with 802.1x and PEAP w/ MSCHAP v2.
Our wireless network consists of a two Cisco wireless controller, 240 APs and
we use Cisco ACS 5.2 as our RADIUS server. One of our wireless networks is
configured to use WPA/WPA2 with 802.1x and PEAP w/ MSCHAP v2. After updating
the server certificate on the ACS, our wireless users were
RELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Christopher Wieringa
Sent: Wednesday, August 01, 2012 8:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] MS-CHAPv2 cracks for WPA2-Enterprise?
It is possibly to do WPA2-Enterprise with only EAP-MSCHAPv2 authentication, and
this is wha
e
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Joe Roth [mailto:jr...@binghamton.edu]
Sent: Friday, August 03, 2012 4:03 PM
Subject: Dot1x/WPA2 and machine authentication
We are in the process of rolling out the Cisco
We are in the process of rolling out the Cisco Identity Services Engine as
well as a WPA2 SSID, and have run into an issue, I did some research online
and have not come up with much so I was hoping someone else could shed some
light on this...
By default Windows will first attempt to do machine
1 - 100 of 251 matches
Mail list logo