Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

More documents

Recommendations

Info

Setup �� Build Windows Server 2003 IAS server �� Join to domain �� Enroll computer certificate �� Register IAS in Active Directory �� Configure RADIUS logging �� Add AP as RADIUS client �� Configure AP for RADIUS and 802.1x �� Create wireless client access policy �� Configure clients Don’t forget to import CA root
Access policy Policy condition NAS-port-type = Wireless IEEE 802.11 and Wireless other Windows-group = Optional; allows administrative control Should contain user and computer accounts Profile No regular authentication methods EAP type: protected EAP; use certificate from step 3 Encryption: only strongest (MPPE 128-bit) Attributes: Ignore-user-dialin-properties = True
Page 1 and 2: Wireless LAN Security with 802.1x,
Page 3 and 4: Wired equivalent privacy
Page 5 and 6: Common attacks Bit-flipping (encryp
Page 7 and 8: More IV problems Say an AP constant
Page 9 and 10: Classes of attacks Authentication f
Page 11 and 12: WEP suckage Same key reused over an
Page 13 and 14: 802.1x
Page 15 and 16: Is 802.1x enough? No It does solve:
Page 17 and 18: 802.1x over 802.11 Supplicant Authe
Page 19 and 20: Before authentication Supplicant th
Page 21 and 22: 802.11/802.1x state machine Class 1
Page 23 and 24: Extensible authentication protocol
Page 25 and 26: Authentication methods EAP allows c
Page 27 and 28: Protected EAP (PEAP) Extension to E
Page 29 and 30: Note Do not configure IAS and XP fo
Page 31 and 32: Security requirements, again Mutual
Page 33 and 34: Windows PEAP authentication First p
Page 35 and 36: Our requirements so far Mutual devi
Page 37 and 38: Windows PEAP authentication First p
Page 39 and 40: Windows PEAP authentication Second
Page 41 and 42: Why use machine accounts? Domain lo
Page 43 and 44: Remaining vulnerabilities
Page 45 and 46: Bit-flipping attacks WEP doesn’t
Page 47 and 48: Solution: keyed IC Change behavior
Page 49: System requirements Client: Windows
Page 53 and 54: Interoperability PEAP standards aut
Page 55 and 56: The future—long term IEEE is work
Page 57: © 2003 Microsoft Corporation. All

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

Create successful ePaper yourself

Delete template?

Save as template?