Occasional Contributor I

EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

Hi Folks,

We have a potential consultant recommending that we use EAP-PEAP(MSCHAPv2) and an appropriate supplicant in order to authenticate our wireless computers.

A few questions:

--Does this protocol work with or replace RADIUS authentication?

--Is it secure? I seem to recall that MSCHAPv2 was broken a long time ago?

--Does it work on Mac, PC, Linux?

--Are there viable alternatives? EAP-GTC?

Thanks!

Guru Elite

Re: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

Configured correctly, it is secure. There are ways to misconfigure it in a manner that is insecure, however. Those protocols work over RADIUS, so RADIUS is not something separate; it is the delivery mechanism.

Please see the document here for more ideas:

https://www.google.com/url?sa=t&source=web&rct=j&url=https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/295/1/WP_BUILDING%2520GLOBAL%2520SECURITY%2520POLICIES%255B1%255D.pdf&ved=0ahUKEwjjhfKf1KHVAhUijFQKHbnRBRAQFggpMAA&usg=AFQj...


Colin Joseph
Aruba Customer Engineering
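
The reply above does not list the misconfigurations it has in mind. One well-known case with PEAP is a supplicant that does not validate the RADIUS server's certificate, and the following added example (not from the thread or from Aruba) audits a wpa_supplicant.conf on a Linux client for it. The sample config is constructed; its SSIDs, identity, file path and host name are assumptions.

```python
import re

# Constructed sample wpa_supplicant.conf; every value in it is made up.
SAMPLE_CONF = '''
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
'''

TUNNELED = {"PEAP", "TTLS"}  # methods that carry the inner login inside a TLS tunnel
# (wpa_supplicant keys that satisfy the check, finding reported when none is set)
CHECKS = (
    (("ca_cert", "ca_path"),
     "no CA configured: server certificate is not verified"),
    (("domain_suffix_match", "domain_match", "subject_match", "altsubject_match"),
     "no server name check: any certificate issued by the CA is accepted"),
)

def parse_networks(text):
    """Return one dict of key -> value for each network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)  # keeps the '=' inside phase2 values
                fields[key.strip()] = value.strip().strip('"')
        nets.append(fields)
    return nets

def audit(text):
    """Map SSID -> list of findings, for PEAP/TTLS networks only."""
    report = {}
    for net in parse_networks(text):
        if TUNNELED & set(net.get("eap", "").upper().split()):
            report[net.get("ssid", "?")] = [
                msg for keys, msg in CHECKS if not any(k in net for k in keys)]
    return report
```

Call `audit()` on the contents of the client's configuration file; an empty list for an SSID means both checks are configured.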


Guru Elite

Re: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

If security is a concern, EAP-TLS is the only recommended EAP method.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480