Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

  • 1.  EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

    Posted Jul 24, 2017 01:25 AM

    Hi Folks,

     

    We have a potential consultant recommending that we use EAP-PEAP(MSCHAPv2) and an appropriate supplicant in order to authenticate our wireless computers.

     

    A few questions:

     

    --Does this protocol work with or replace RADIUS authentication?

    --Is it secure? I seem to recall that MSCHAPv2 was broken a long time ago?

    --Does it work on Mac, PC, Linux?

    --Are there viable alternatives? EAP-GTC?

     

    Thanks!



  • 2.  RE: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

    EMPLOYEE
    Posted Jul 24, 2017 06:01 AM
    Configured correctly, it is secure. There are ways to misconfigure it in a manner that is insecure, however. Those protocols work over RADIUS, so RADIUS is not something separate; it is the delivery mechanism.

    Please see the document here for more ideas:

    https://www.google.com/url?sa=t&source=web&rct=j&url=https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/295/1/WP_BUILDING%2520GLOBAL%2520SECURITY%2520POLICIES%255B1%255D.pdf&ved=0ahUKEwjjhfKf1KHVAhUijFQKHbnRBRAQFggpMAA&usg=AFQjCNGbEcL6idI9hmqpyqM_CHCWshJobQ
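
Added example, not part of the original posts and not Aruba code: a small Python parser showing what "RADIUS is the delivery mechanism" in reply 2 looks like on the wire, where the EAP packet rides inside RADIUS EAP-Message attributes (type 79, RFC 3579). The sample packet, its field values and the function names are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute that carries EAP (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 6: "GTC", 13: "EAP-TLS", 25: "PEAP", 26: "MSCHAPv2"}

def radius_attributes(packet):
    """Yield (type, value) for every attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS length field does not match the packet")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def eap_from_radius(packet):
    """Reassemble the EAP packet from EAP-Message attributes and describe it."""
    eap = b"".join(v for t, v in radius_attributes(packet) if t == EAP_MESSAGE)
    if not eap:
        return None  # plain RADIUS, no EAP inside
    if len(eap) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length field does not match the payload")
    method = None
    if code in (1, 2) and length >= 5:  # only Request/Response carry a type byte
        method = EAP_TYPES.get(eap[4], "type %d" % eap[4])
    return {"code": EAP_CODES.get(code, "code %d" % code), "id": ident, "method": method}

def build_sample():
    """Constructed Access-Challenge carrying an EAP-Request/PEAP with the Start flag."""
    eap = struct.pack("!BBHBB", 1, 7, 6, 25, 0x20)
    # Split across two attributes only to exercise reassembly; real servers
    # split when the EAP packet exceeds 253 bytes.
    attrs = bytes([EAP_MESSAGE, 6]) + eap[:4] + bytes([EAP_MESSAGE, 4]) + eap[4:]
    attrs += bytes([80, 18]) + bytes(16)  # Message-Authenticator, zeroed placeholder
    header = struct.pack("!BBH", 11, 1, 20 + len(attrs)) + bytes(16)
    return header + attrs

if __name__ == "__main__":
    print(eap_from_radius(build_sample()))
```
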


  • 3.  RE: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

    EMPLOYEE
    Posted Jul 24, 2017 09:47 AM

    If security is a concern, EAP-TLS is the only recommended EAP method.