Security

Reply
Highlighted
Occasional Contributor II

How secure is captive portal authentication?

Airheads,

 

I have some secuirty quries for Captive portal based guest solutions

 

Over wireless, After captive portal authentication (without mac-auth),

1. Will there be any 4-way handshake between client and AP after authentication?

2.If 4-way handshake, will cppm provide MSK(master session key) to authenticator?

3.If there is no 4-way handshake, will the traffic be open and visible if do packet capture?

4.Adding Mac-authentication to this improves any security(interms of encryption)?

 

 

Thanks a lot!!

 

Re: How secure is captive portal authentication?

It really depends on how the SSID has been configured.

 

If it is an Open SSID with captive portal authentication (usual worksflow for guest networks), yes, traffic over Wi-Fi will not be encrypted and can be sniffed.

 

Mac auth is still an authentication mechanism. An SSID with no encryption and MAC auth can still be sniffed.

 

Unless you select an Encryption method for the SSID, data can be sniffed.

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | CWNA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
Occasional Contributor II

Re: How secure is captive portal authentication?

Thanks Jaybee,

 

For enterprise guest network, is there any method to encrypt data except onboard, onguard and preshared key?

 

 

Guru Elite

Re: How secure is captive portal authentication?

Enhanced Open, but there are very few clients.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: