Wireless Security
Re: EAP-TTLS Question Aug 27 2008 02:52AM
Christopher (vooduhal gmail com) (2 replies)
Re: EAP-TTLS Question Aug 27 2008 05:36PM
Joshua Wright (jwright hasborg com)
Re: EAP-TTLS Question Aug 27 2008 02:52PM
Christopher (vooduhal gmail com) (1 replies)
Re: EAP-TTLS Question Aug 28 2008 01:20PM
Joshua Wright (jwright hasborg com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher wrote:
> I seem to have answered my own question with a little testing. So
> what would be the most secure way to deploy enterprise wireless
> without client-side certificates?

You'll need to establish the appropriate trust for your server-side
certificates and allow only the certificate common names (CN') for you
RADIUS certificates. You'll also need to forbid users from accepting
previously unrecognized certificates. This is possible in WZC
(manually, or through GPO) and with Juniper Odyssey. AFAICT, this is
not possible with the OSX supplicant.

- -Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQIVAwUBSLamKjWX3FIa1TkuAQIrgw//QRAe3LhgEl6GRGnrHuK5BSv+aiNinzqu
Vv9VM4nKInoGeU+CYcg1hDdXdsOczFg8SVp6ycSWcQCBLM65bbTdNfKmDi/KffV5
ltzJhCKOtWmhA8FGNA1YLfbpgt2hRxYYMrk8STqMoCU07CJFEARTBWcmKTJJo4MQ
E4MPo2sQRN5/Z9If0DWrWOc1jnV1bOmAYIJqanHD14/qu1k5OIxM2JbTrwwL0IWP
EPRfmx8AEou3Dw+xOx/e3YTVJz8l+45f8wApQbri+gdV/0YyaVzb2ZYy9nOma4CD
i0FQ8Z/McqicLBforSu1KCo7JBROd71zFS6M93SmdaTRgw9d/63pHKTqf5cLyd+i
6wSdx6dATWc+MXj33v1gM3ughBxed8Fzts6QHEC/YWlmVjCErJOYygF4NSBkl7ty
3hSSVa5TIJCP7IUUxPDZgMwt7qFxLneXLy1sgQHviOfx+gCAZs2BZHQbsnE9g+ms
JF6TAOAooNxHr7AouepGYMGtHOG+qXKgzxVHEy9Qx81KPzrPzHA9LyV7hJyY4RR6
kT4GOyOPUBmPavHzdJydfXko+agcNotJ7Ltb+PNfReGlIHQ44dwj/W1PF6+UMKuo
RR0G8zHFxAy+hu2CmszKheSvG8ivy8BMqlmjN0RYGe+YjYn3cQLAMqV82FsexdSb
SlzvhEpzMmE=
=r/Oj
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus