802.1X Extra Miles

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed May 4 18:30:13 CEST 2016


>  - since the above are just only deployed in my testing environment, and I
> m supposed to deploy the same for 1k users, how much memory
> (RAM,HD,Processor) should I allocate to radius server! The DB is also on
> the same server as Freeradius.

a quite basic server for 1000 devices. 2GHz, 4Gb RAM, 120G HD.  thats probably overkill.

>  - what kind of extra-layer could I add to the authentication layer (PC
> authentication PEAP + MSCHAP v2, against AD 2008, + MAC Verification) to
> make it even 'more secure'?

its pretty strong stuff so long as the client is correctly configured..... next step up
would be to run your own PKI and use EAP-TLS instead.  the Mac auth is your weak point...
whats stopping someone borrowing a known/valid MAC address? are you suing some kind of system/OS/fingerprint
in conjunction with MacAuth ?


More information about the Freeradius-Users mailing list