PEAP is a common authentication option for wireless networks, and is widely adopted by Microsoft-centric organizations due to native client support in Windows XP and Vista. PEAP can be a strong authentication choice for wireless LAN environments, if organizations follow a few steps to ensure the integrity of the deployment.
Disable unused EAP types on the RADIUS server. If your organization is using PEAP as the sole authentication mechanism, ensure that PEAP is the only permitted EAP type.
Use a trusted certificate for authentication. The RADIUS server must be configured with a digital certificate that is signed by a trusted certificate authority (CA), using a private or a public CA.
Validate the server certificate on all clients. All PEAP clients must validate the server certificate for authentication. Failure to validate the server certificate compromises the integrity of the PEAP exchange.
Identify the issuing certificate authority on clients. By default, the Windows XP client trusts all the root certificate authorities in the certificate store. Workstations should be configured to select only the certificate authority that issued the server certificate.
Identify the authentication server hostname on clients. By default, the Windows XP PEAP supplicant will accept any trusted digital certificate for authentication, allowing an attacker to impersonate the legitimate RADIUS server if the signing authority is also trusted. To mitigate this vulnerability, configure the PEAP supplicant to identify the authorized RADIUS servers by selecting the "Connect to these servers" options. Supply the name of the RADIUS server that matches the hostname identified on the server certificate.
After successfully configuring these settings on the XP supplicant, the PEAP properties should appear as shown below.
Tak lama lagi akan masuk musim panas. Mesti susah nak tidur malam. Nak pasang 'aircond' tak mampu. Nanti bil letrik melambung. Nie a...
Benelli tnt ekzosnya dua, Agusta F4 empatlah pula, Mari bermaafan sesama kita, Di pagi Aidilfitri yang mulia. Akrapovic b...
iPhone SSL Warning and Safari Phishing RFC 1918 Blues Slowloris HTTP DoS CSRF And Ignoring Basic/Digest Auth Hash Information Disclosure Via...
In the new game, players can choose between five characters from House Forrester, offering five different perspectives. However, actions tak...
SERI KEMBANGAN : Pengalaman hampir lemas ketika kecil mendorong Kang Xiao Wei, 18, mencipta sebuah prototaip pelampung penyelamat yang dina...
When you need an alarm system for your home or office the best one you can get is the wireless alarm system. These systems are becoming very...