[Dshield] Wireless broadcasts

Cefiar cef at optus.net
Wed Jun 29 03:57:37 GMT 2005


On Wednesday 29 June 2005 02:48, Daniel Cherton wrote:
> Which is why I'm switching to 802.1x and PEAP.
>
> Anybody know a free RADIUS server for Windows? Else I'll go with Linux.

As mentioned, IAS does that job. Are you sure you want to use PEAP though?
There are 2 implementations of PEAP - one from Cisco, one from MS - and they
vary just enough to cause issues. You should also note that any user ID stuff
(not the password, just the username/ID) is sent in the clear with PEAP.
Personally, I'd recommend TTLS if you're really interested in security. TTLS
also uses much less traffic to actually authenticate with the server compared
to PEAP. A real boon if you migrate between APs (as you need to
re-authenticate), and reduces the load on the RADIUS server. It also allows
the client to actually authenticate that it's talking to the right server,
rather than just assuming that whatever server it's talking to is the correct
one.

-- 
 Stuart Young - aka Cefiar - cef at optus.net

