1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WPA2-Enterprise security

Discussion in 'Wireless' started by warrmr, Aug 20, 2008.

  1. warrmr

    warrmr Byte Poster

    130
    4
    24
    Hi guys,

    I have a few questions to ask around here and it concerns the security of a WPA2-Enterprise secured wireless network.
    I have just baught myself a ZyAIR G2000 Plus wireless router and i have gone for this one because it has a inbuilt cutdown RADIUS server that supports 32 clients and im abit paranoied about wireless networks in general.

    Now from what i understand of WPA2 enterprise is that it consists of 2 parts Association and Authentication. so there are 3 things that are needed to be able to use the network they are a valid certificate, a username and a password.

    I think if you forged the certificate you could still associate with the AP but without the username password you could not authenticate with RADIUS therefore not be able to access the network resources.

    What i am asking is how secure it this setup i know the most secure way is not to have wireless and limit physical access to the network, but this is not a choice in my new flat as i wont be able to wire up the network points without getting a network engeneer contractor to do it and pay through the nose ( a term of my lease that any electrical/plumbing or communication works have to be contracted out).

    Also with the certificates there are 2 options the first is to goto a CA like verisign and get one of theres and pay lots of money or the second is to use the inbuilt CA and make your own self certifyed certificate.
    How easy would it be for a malitious person to spoof the certificate for my AP?

    One final note I am NOT asking how to hack/crack WPA2-enterprise i just want to know if its possible and how easy it is and if its been done before.
    I know WEP and WPA-PSK has been done and now anyone can do it with readly avalable software off the interent and minimum *nix knowlage.

    Also I currently own a netgear fvs124G router/firewall vpn box, that i am replacing with this AP now i want to know is there a way of rigging this up on the LAN side of the AP to act as a VPN server so that i could dial into my network and allow my sister access while she is at uni. I dont want to have to setup a dedicated VPN server i woudl prefer if it was in some form of low power embedded device ( i know this is asking alot.)
     
    Certifications: MCP 70-270, 70-290
    WIP: MCSA + Messaging, MCSE + Security
  2. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Weirdly I found exactly the same post on the remote exploit forums :p (Link)

    Anyway... Information which may calm your worries can be found at the following:-

    Wi-Fi Protected Access - Link

    Additional information specifically concerning WPA2 - Link


    Hope this helps. :)

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. warrmr

    warrmr Byte Poster

    130
    4
    24

    The posts were made by the same person what are the chances :P
    thanx for the links looks like there is abit of info there to read
     
    Certifications: MCP 70-270, 70-290
    WIP: MCSA + Messaging, MCSE + Security
  4. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Really? :ohmy lol

    No problem, hope it quells your worries. If not, there's always alcohol. :p
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  5. warrmr

    warrmr Byte Poster

    130
    4
    24
    after reading through those links it looks like WPA2 is very secure and then combined with an authentication protocol like Peap/RADUS no one is going to get far.

    the wikipedia aretical doesnt really cover much abotu WPA2 enterprise but im assuming it will use the same AES encription protogol alongside the PEAP/RADIUS authentication.


    so the weakest points will be the indervidual users passwords and the Preshared Key if one is used.

    and the certificate is hard to fake without knowing the things used to generate it and if its from an online CA then its really hard to fake. or am i looking at things the wrong way.

    Cryptography is well over my head so im just pulling bits that i understand aout of all of the acrimons and complicated bits.
     
    Certifications: MCP 70-270, 70-290
    WIP: MCSA + Messaging, MCSE + Security
  6. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Glad the information helped you :)

    Everyone's a bit paranoid about wireless but yeah, make sure your key/passwords are chosen well and you should be fine. :)

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  7. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    I think we've found someone to take GBLs place during his 3-month absence. :p

    In truth, when GBL returns, I won't even need to post anymore! :biggrin
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  8. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    :hhhmmm
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  9. warrmr

    warrmr Byte Poster

    130
    4
    24
    This is what i love about this forum, you ask a qurestion and you get an answer within a few hours. where as my thread on the remote exploit forums that Qs linked to with the same question has been viewed 86 times and not one reply.
     
    Certifications: MCP 70-270, 70-290
    WIP: MCSA + Messaging, MCSE + Security
  10. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    The love for CF is strong!
     

Share This Page

Loading...