PaulDotCom mailing list archives

Re: Auditing WPA/WPA2 wifi networks


From: "C. L. Martinez" <carlopmart () gmail com>
Date: Mon, 11 Mar 2013 10:34:12 +0000

My answers inline.

On Sat, Mar 9, 2013 at 10:40 PM, Robert Portvliet
<robert.portvliet () gmail com> wrote:
> So, your main concern with EAP-TLS is the security of the client side
> certificates. The types of MITM attacks that PEAP and EAP-TTLS are
> vulnerable to (FreeRadius-WPE) don't come into play. The attacker will have
> to actually obtain one of the client's certificates to gain access to the
> network.

That's one of the options that we want to test.

> However, on that note, when you say external users (on this 3rd AP), I took
> that to mean non-employee users.

Correct.

> If you don't mind me asking, how are you planning to manage using EAP-TLS with them? (due to the requirement for a
> client side cert) (or did I completely misunderstand?).

You've understood correctly. The idea is to use the most secure EAP
possible (we had thought of EAP-TLS, but we can change it) or at
least, detect and mitigate its consequences.

> My thought about the servers though, if they are in fact accessed by
> employees and non-employees, is to keep in mind that they could be a
> possible jump off point into your internal network if compromised. It might
> pay to put them in some kind of segregated DMZ type environment.

Sure. We have segregated all possible servers accessed by
non-employees, but there are other internal servers that they need
access to.