Securing your WiFi – WPA2-Enterprise with EAP-TLS made easy with Open Source tools

Hello everyone,

Recently I’ve been playing a lot with WPA2-Enterprise EAP-TLS at work. I wanted to share my experience with you all.

First of all, a little explanation about WiFi security. Most of you are familiar with WEP/WPA1+2 from your home WiFi. You probably know that WEP was “hacked” a long time ago and isn’t considered secure. There are publicly available rainbow tables for WPA2-PSK as well – although you need a combination of SSID+PSK for them to work (PSK authentication uses both the SSID name and the PSK to generate the secret shared with the access point; the publicly available rainbow table consists of the top 1000 SSID names and a heavy load of passwords). WPA1/2-PSK is the method most widely used on WiFi networks. It uses a pre-shared key (password) to authenticate to the access point.
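To make the SSID+PSK point concrete, here is the standard IEEE 802.11i derivation of the pairwise master key (the same computation the wpa_passphrase tool performs), as an added example that is not part of the original post. The common-SSID list is a constructed stand-in for the real tables' top-1000 list; the point it demonstrates is that a precomputed table is bound to the exact SSID it was built for.

```python
import hashlib

# Constructed sample standing in for the "top 1000 SSID names" that public
# precomputed tables target. Not the real list.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink", "IEEE"}


def wpa_psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK from a WPA/WPA2 passphrase and SSID.

    IEEE 802.11i: PBKDF2-HMAC-SHA1, salt = SSID bytes, 4096 iterations,
    32-byte output. The SSID is the salt, which is why a table built for
    one SSID says nothing about a network with a different SSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def ssid_is_precomputable(ssid: str) -> bool:
    """Defender check: would a table built for common SSIDs even apply here?

    True means the SSID is one a public table is likely built for; a unique
    SSID forces an attacker to start from scratch (it does not stop
    brute force, only the precomputation shortcut).
    """
    return ssid in COMMON_SSIDS


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk_to_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a completely different PMK.
    print(wpa_psk_to_pmk("password", "corp-9f3a").hex())
    print("IEEE precomputable:", ssid_is_precomputable("IEEE"))
    print("corp-9f3a precomputable:", ssid_is_precomputable("corp-9f3a"))
```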

In large enterprises, PSK authentication simply does not fit. For example, consider a company with 1000 employees. One of the employees who knows the PSK password gets fired. The password is compromised and has to be replaced (not to mention that any employee with minimal technical knowledge can extract the PSK from his/her computer) – that is a big deal.
