08-30-2012 08:10 PM
Hello everyone, I opened this topic because I have seen many incorrectly configured stations. Yes, they work, but they are not well configured and they are insecure...
Anyway, I'll give a sample configuration and explain why I'm selecting those options.
1- Here we select EAP PEAP and click on Settings.
Okay, here comes the important part.
2- We check "Validate server certificate", which we all do, and Windows 7 does it automatically.
3- We check and also TYPE the RADIUS server or servers under "Connect to these servers". This is really important, because if you don't select a server, this is where someone with a man-in-the-middle attack can get someone's user name and password.
4- You select the root certificate.
5- Check the box "Do not prompt user to authorize new servers or trusted root certificate".
6- Make sure that the user cannot change any of these settings :)
Now, how can they hack my WPA2? Well, with misconfigurations... Here is an example scenario of what could happen if you have misconfigured clients in your deployment.
1- They create a fake AP matching the SSID and encryption of the network.
2- They create their own fake RADIUS server.
3- They deauthenticate someone and lure him to connect to the fake AP.
4- The user will see the dialog box that is presented. Their certificate will verify that the network they are joining is correct and legitimate; the normal user will just accept everything, as they are clueless.
5- The user just sends the hacker their user name and encrypted password, on which they can then do a dictionary attack to get the password.
Anyway, this is just negligence by people setting up PEAP, or not knowing how to set it up....
I wrote this article because, like I said, I have seen many deployments with these common misconfigurations.
Hope it can help someone. Any comments or corrections are welcome :)
Product Manager - Aruba Networks
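One way to check deployed clients against steps 2 to 5 of the post above, added here as an example that is not part of the original thread or any Aruba tool: the script reads the PEAP section of a profile exported with `netsh wlan export profile` and reports which settings are missing. The function name `audit_peap`, the server names and the thumbprint are assumptions made for the example, and the two XML samples are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples shaped like the PEAP part of a `netsh wlan export profile`
# file; server names and the thumbprint are placeholders.
NS = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"
GOOD = f"""<EapType xmlns="{NS}"><Type>25</Type>
  <ServerValidation>
    <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
    <ServerNames>radius1.example.com;radius2.example.com</ServerNames>
    <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>
  </ServerValidation>
</EapType>"""
WEAK = f"""<EapType xmlns="{NS}"><Type>25</Type>
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames></ServerNames>
  </ServerValidation>
</EapType>"""


def _local(tag):
    """Strip the XML namespace so V1/V2 schema elements match by name."""
    return tag.rsplit("}", 1)[-1]


def audit_peap(xml_text):
    """Return findings keyed to the post's steps; an empty list means compliant."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        values.setdefault(_local(el.tag), []).append((el.text or "").strip())
    if "ServerValidation" not in values:
        return ["no ServerValidation element found in profile"]
    findings = []
    if "false" in [v.lower() for v in values.get("PerformServerValidation", [])]:
        findings.append("step 2: server certificate validation is turned off")
    if not any(values.get("ServerNames", [])):
        findings.append("step 3: no RADIUS server name in 'Connect to these servers'")
    if not any(values.get("TrustedRootCA", [])):
        findings.append("step 4: no trusted root CA selected")
    prompt_off = values.get("DisableUserPromptForServerValidation", [""])[0].lower()
    if prompt_off != "true":
        findings.append("step 5: user can be prompted to trust a new server or CA")
    return findings


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_peap(sample) or "ok")
```

Step 6 (users cannot change the settings) is not visible in the profile XML and has to be checked where the profile is pushed, for example in the policy that deploys it.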
08-21-2014 04:06 AM
In "Connect to these servers", instead of the DNS name of the RADIUS server, can we enter the IP address of the server directly?
How can we specify the servers in the configuration when there are multiple RADIUS servers?
08-21-2014 04:32 AM
08-21-2014 04:30 PM
08-21-2014 04:44 PM
Not sure about troubleshooting, but most modern RADIUS servers have a way of returning the inner ID to the NAS device, so it might be a false sense of security.
Aruba Customer Engineering
08-21-2014 04:45 PM