On 30/09/2016 14:57, Stefan Winter wrote:
No CA checks means all your passwords are up for grabbing for everyone with a glimpse on Enterprise Wi-Fi. What he said.
It's interesting to note that the "home" version of WPA, with a single pre-shared key (PSK), provides strong mutual authentication as standard. If a rogue access point is set up but has the wrong pre-shared key, the client simply won't be able to connect. Job done. Unfortunately, "enterprise" WPA is a lot murkier. The two most commonly implemented versions are: * EAP-TLS: each side proves its identity to the other with a certificate * PEAPv0 with MSCHAPv2 - the AP [actually RADIUS server] proves its identity with a certificate, and the client with username/password In both cases, if the client doesn't validate the certificate presented by the AP/RADIUS server then they could be connecting to a rogue access point, and all their traffic intercepted. In the PEAP case they will also be giving away their login credentials! Since there's no way to bind an SSID to a certificate directly, you have to manually *configure* every client to know which certificate DN(s) the AP should expect when connecting to that SSID. If you don't do that, then you're vulnerable to trivial attacks from rogue access points. (Maybe it's safer to use a different password for wireless access than for the rest of your enterprise services to mitigate the problem? But if you're going to do that, you could just go the EAP-TLS route anyway. And it doesn't obviate the need for checking the AP certificate to prevent traffic interception) There *is* a protocol which gives strong mutual authentication using a password and without the need for certificates: EPA-EKE (RFC 6124). However it's relatively new and I've not seen it deployed. Also it doesn't seem to be supported by FreeRADIUS at least according to http://freeradius.org/features/eap.html Regards, Brian. P.S. Nice paper here: https://fachschaft-informatik.de/_media/fachschaft:802.1x-security-analysis....