PEAP creates an encrypted TLS tunnel between the client and the authentication server. The keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.
Use a trusted certificate for authentication: The RADIUS server must be configured with a digital certificate that is signed by a trusted certificate authority (CA), using a private or a public CA.
Validate the server certificate on all clients: All PEAP clients must validate the server certificate for authentication. A Trusted Root CA, that issued the server certificate, must be installed in client.
Reference:
http://www.networkworld.com/columnists/2007/042307-wireless-security.html
http://revolutionwifi.blogspot.com/2010/09/peapv0-packet-flow-reference.html
http://www.keyboardlife.net/2010/06/8021x-port-based-authentication-wired.html
I am truly inspired by this online journal! Extremely clear clarification of issues is given and it is open to every living soul. I have perused your post, truly you have given this extraordinary informative data about it.
ReplyDeleteSQL Server Enterprise Edition