Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

More documents

Recommendations

Info

Encryption keys Client and RADIUS server generate peruser session WEP keys Never sent over the air RADIUS server sends key to AP (encrypted with RADIUS shared secret) Access point has a global WEP key Used during AP authentication to client Sent in EAPOW-key message Encrypted with session key Session keys regenerated when… Key time exceeded (60 minute default) Client roams to new AP
Extensible authentication protocol
Page 1 and 2: Wireless LAN Security with 802.1x,
Page 3 and 4: Wired equivalent privacy
Page 5 and 6: Common attacks Bit-flipping (encryp
Page 7 and 8: More IV problems Say an AP constant
Page 9 and 10: Classes of attacks Authentication f
Page 11 and 12: WEP suckage Same key reused over an
Page 13 and 14: 802.1x
Page 15 and 16: Is 802.1x enough? No It does solve:
Page 17 and 18: 802.1x over 802.11 Supplicant Authe
Page 19 and 20: Before authentication Supplicant th
Page 21: 802.11/802.1x state machine Class 1
Page 25 and 26: Authentication methods EAP allows c
Page 27 and 28: Protected EAP (PEAP) Extension to E
Page 29 and 30: Note Do not configure IAS and XP fo
Page 31 and 32: Security requirements, again Mutual
Page 33 and 34: Windows PEAP authentication First p
Page 35 and 36: Our requirements so far Mutual devi
Page 37 and 38: Windows PEAP authentication First p
Page 39 and 40: Windows PEAP authentication Second
Page 41 and 42: Why use machine accounts? Domain lo
Page 43 and 44: Remaining vulnerabilities
Page 45 and 46: Bit-flipping attacks WEP doesn’t
Page 47 and 48: Solution: keyed IC Change behavior
Page 49 and 50: System requirements Client: Windows
Page 51 and 52: Access policy Policy condition NAS-
Page 53 and 54: Interoperability PEAP standards aut
Page 55 and 56: The future—long term IEEE is work
Page 57: © 2003 Microsoft Corporation. All

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?