Tuesday, June 1, 2010

Wi-Fi Tip: Server Validation

In order to ensure that an attacker cannot impersonate the approved
network infrastructure AAA server, enable client-side server validation.

This setting instructs the client to compare the presented server
certificate credentials during EAP phase 1 to the list of approved
servers, and to only continue the authentication process if connecting
to a valid server.

This can prevent RADIUS server impersonation by tools such as
FreeRadius-WPE.

Support for this feature varies between vendors.

No comments:

Post a Comment