Penetration Testing mailing list archives

RE: Wireless Encryption Methods (eg; WPA2) vs Forced Secure Proxy Redirects


From: "Malick Sy" <sy_malick () hotmail com>
Date: Fri, 5 Mar 2010 10:31:37 +0100




On Thursday, 4 March 2010 at 16:02 +0100, Malick Sy wrote:
All in all leads to a major admin nightmare, to circumvent this, you 
use a captive portal which forces users to authenticate securely via 
local database, RADIUS or whatever flavour AAA is installed..
---------------------
And what about using WPA/WPA2 in enterprise mode, aka EAP authentication to a
RADIUS server? Now your captive portal has no advantage whatsoever.
Only drawbacks...
-----------------
 
Not sure what you mean Cedric, please rephrase, remember we are talking
wireless hotspots not paranoid banks, so we probably don’t want to start
with the EAP/PEAP/ encryption saga.....WPA/WPA2 (802.11x) also require
supplicants (Yes Windows ships with one) but this is all a
nightmare....captive portals are deployed in airports, hotels, conference
centres all over the world....I think they are quite advantageous to the
people using them

For security, it is possible to configure the guest wireless devices to be
in separate vlans (via RADIUS auth), but my point is in 10 years of
deploying production networks, I have not come across a captive portal or
hotspot scenario using WPA or WPA2...if u are a serious user anyway, u will
know to start ur ipsec vpn client soon as u connect to a public wifi
hotspot. Coupled with good host security, u should be home scot-free!

