ClearBox Enterprise Server 2.0 Online Manual
ClearBox Enterprise Server™ 2.0. User's Guide

Wireless Security and Deployment Considerations

When choosing an authentication method, balance the level of security that you require with the effort that you want to devote to deployment. For the highest level of security, choose PEAP with certificates (EAP-TLS). For the greatest ease of deployment, choose PEAP with passwords (EAP-MS-CHAPv2).

Both PEAP with EAP-TLS and EAP-TLS alone provide strong security by using certificates for server authentication and for client computer and user authentication; when PEAP with EAP-TLS is used, the client certificate information is additionally encrypted. PEAP with EAP-MS-CHAPv2 requires the least effort to deploy because client authentication is password-based, so certificates do not need to be installed on clients. Because PEAP creates an end-to-end encrypted channel before EAP-MS-CHAPv2 authentication occurs, the authentication exchange is protected inside that channel, which reduces the risk of offline dictionary attacks.


When you deploy both PEAP and EAP unprotected by PEAP, do not use the same EAP authentication type with and without PEAP. For example, if you deploy PEAP with EAP-TLS (PEAP/EAP-TLS), do not also deploy EAP-TLS without PEAP. Deploying the same authentication type in two forms, one with and the other without the protection of PEAP, creates a security vulnerability.
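
The rule above can be checked mechanically against an inventory of enabled methods. The following is an added example, not part of the ClearBox manual or product: the realm names, the per-realm list layout and the sample data are assumptions, and only the `PEAP/EAP-TLS` notation is taken from this page.

```python
import re

def _canon(name):
    """Normalise spelling variants, e.g. 'eap-tls' and 'EAP_TLS' both -> 'EAPTLS'."""
    return re.sub(r"[^A-Z0-9]", "", name.upper())

def parse_method(method):
    """Split 'PEAP/EAP-TLS' into (protected_by_peap, canonical inner type).

    Anything not prefixed with 'PEAP/' is treated as EAP unprotected by PEAP.
    """
    outer, sep, inner = method.strip().partition("/")
    if sep and _canon(outer) == "PEAP":
        return True, _canon(inner)
    return False, _canon(method)

def find_peap_conflicts(realms):
    """Return {realm: [(peap_form, bare_form), ...]} for every EAP type that is
    enabled both with and without PEAP in the same realm."""
    conflicts = {}
    for realm, methods in realms.items():
        seen = {}  # canonical inner type -> {True/False: method string as configured}
        for m in methods:
            protected, inner = parse_method(m)
            if inner == "PEAP":  # a bare 'PEAP' entry names no inner type
                continue
            seen.setdefault(inner, {})[protected] = m.strip()
        both = sorted((s[True], s[False]) for s in seen.values() if len(s) == 2)
        if both:
            conflicts[realm] = both
    return conflicts

# Constructed sample inventory (hypothetical realms, not a ClearBox config format).
SAMPLE_REALMS = {
    "staff":  ["PEAP/EAP-TLS", "PEAP/EAP-MS-CHAPv2"],
    "legacy": ["PEAP/EAP-TLS", "eap-tls", "PEAP/EAP-MS-CHAPv2"],
    "guest":  ["EAP-MD5", "PEAP/EAP-MS-CHAPv2", "PEAP"],
}

if __name__ == "__main__":
    for realm, pairs in find_peap_conflicts(SAMPLE_REALMS).items():
        for peap_form, bare_form in pairs:
            print(f"{realm}: '{bare_form}' is also deployed as '{peap_form}'")
```
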

© 2001-2007 XPerience Technologies.