Occasional Contributor I

EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

Hi Folks,

We have a potential consultant recommending that we use EAP-PEAP(MSCHAPv2) and an appropriate supplicant in order to authenticate our wireless computers.

A few questions:

--Does this protocol work with or replace RADIUS authentication?

--Is it secure? I seem to recall that MSCHAPv2 was broken a long time ago?

--Does it work on Mac, PC, Linux?

--Are there viable alternatives? EAP-GTC?

Thanks!

Guru Elite

Re: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

Configured correctly, it is secure. There are ways to misconfigure it in a manner that is insecure, however. Those protocols work over RADIUS, so RADIUS is not something separate; it is the delivery mechanism.

Please see the document here for more ideas:

https://www.google.com/url?sa=t&source=web&rct=j&url=https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/295/1/WP_BUILDING%2520GLOBAL%2520SECURITY%2520POLICIES%255B1%255D.pdf&ved=0ahUKEwjjhfKf1KHVAhUijFQKHbnRBRAQFggpMAA&usg=AFQj...

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
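
The reply's point that RADIUS is the delivery mechanism for EAP methods can be seen in the packet layout: the EAP packet travels inside RADIUS EAP-Message attributes (type 79, RFC 3579). The parser below is an added example, not part of the original post; the function names are hypothetical and the sample packets are constructed, not captured traffic.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type that carries EAP (RFC 3579)
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 6: "GTC", 13: "EAP-TLS", 25: "PEAP", 26: "MSCHAPv2"}

def build_radius(code, ident, eap):
    """Constructed sample builder: split an EAP packet into EAP-Message attributes."""
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]  # 253 = max attribute value
    attrs = b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH16s", code, ident, 20 + len(attrs), bytes(16)) + attrs

def eap_in_radius(packet):
    """Return (RADIUS code, EAP code, EAP method) names for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    eap, pos = b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        if a_type == EAP_MESSAGE:
            eap += packet[pos + 2:pos + a_len]  # fragments are concatenated in order
        pos += a_len
    radius_name = RADIUS_CODES.get(code, str(code))
    if not eap:
        return radius_name, None, None  # RADIUS packet without EAP payload
    if len(eap) < 4:
        raise ValueError("truncated EAP header")
    e_code, _e_id, e_len = struct.unpack("!BBH", eap[:4])
    if e_len != len(eap):
        raise ValueError("EAP length does not match reassembled payload")
    # Only Request/Response packets carry a method Type byte
    e_type = eap[4] if e_code in (1, 2) and e_len > 4 else None
    return radius_name, EAP_CODES.get(e_code, str(e_code)), EAP_TYPES.get(e_type, e_type)

# Constructed sample EAP packets (not captured traffic)
IDENTITY_RESPONSE = struct.pack("!BBHB", 2, 1, 5 + 17, 1) + b"user@example.test"
PEAP_START = struct.pack("!BBHBB", 1, 2, 6, 25, 0x20)          # PEAP Start flag set
TLS_FRAGMENT = struct.pack("!BBHB", 2, 3, 300, 13) + bytes(295)  # spans two attributes

if __name__ == "__main__":
    for rc, pkt in ((1, IDENTITY_RESPONSE), (11, PEAP_START), (1, TLS_FRAGMENT)):
        print(eap_in_radius(build_radius(rc, 1, pkt)))
```
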
Guru Elite

Re: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

If security is a concern, EAP-TLS is the only recommended EAP method.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.