[unisog] VPN Protection of Wireless Networks
flynngn at jmu.edu
Thu Dec 13 21:45:25 GMT 2001
"Jose A. Dominguez" wrote:
> On Thu, 13 Dec 2001, Gary Flynn wrote:
> > In October I asked about vendor lockins on various security options
> > for wireless networks. VPN protection was mentioned quite often.
> > From my reading, effective VPN protection would require each individual
> > user to have a unique key or digital certificate. Are people actually
> > doing that? If so, how are you handling the administration of handing
> > out and revoking keys and certificates? What, if anything is done to
> > educate the end user of the importance of keeping them secret?
> Having certificates would be nice but it's not arequirement. You can do
> that with Radius and standared username/password pairs. It'll all depend
> on what tunnel termination device you use.
If a shared key is used to connect to the VPN concentrator before
authentication, doesn't this leave the subsequent authentication
credentials up for grabs in a MIM attack from anyone else with
the shared key?
Security Engineer - Technical Services
James Madison University
More information about the unisog