We have seen a ton of attacks against WPA/WPA2, both Personal and Enterprise. Based on our experience, we recommend the following:
- For SOHOs and medium-sized businesses, use WPA2-PSK with a strong passphrase. You have up to 63 characters at your disposal. Make use of them.
- For large enterprises, use WPA2-Enterprise with EAP-TLS. This uses both the client- and server-side certificates for authentication, and currently is unbreakable.
- If you have to use PEAP or EAP-TTLS with WPA2-Enterprise, then ensure that certificate validation is turned on, the right certifying authorities are chosen, RADIUS servers that are authorized are used, and finally, that any setting that allows users to accept new RADIUS servers, certificates, or certifying authorities is turned off.
Q1. Which of the following is FreeRADIUS-WPE?
- A RADIUS server written from scratch
- A patch to the FreeRADIUS server
- Ships by default on all Linuxes
- None of the above
Q2. Which of the following can be used to attack PEAP?
- Fake credentials
- Fake certificates
- Using WPA-PSK
- All of the above
Q3. What does EAP-TLS use?
- Client-side certificates
- Server-side certificates
- Either 1 or 2
- Both 1 and 2
Q4. What does EAP-TTLS use?
- Client-side certificates only
- Server-side certificates
- Password-based authentication
- LEAP
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.