Securing your WiFi – WPA2-Enterprise with EAP-TLS made easy with Open Source tools

Hello everyone,

Recently I’ve been playing a lot with WPA2-Enterprise EAP-TLS at work. I wanted to share my experience with you all.

First of all, a little explanation about WiFi security. Most of you are familiar with WEP/WPA1+2 from your home WiFi. You probably know that WEP has been “hacked” long time ago and isn’t considered secure. Also, there are publicly available rainbow tables for WPA2-PSK as well – although you need a combination of SSID+PSK for it to work (PSK authentication uses both the SSID name and the PSK to generate the secret with the access point. The publicly available rainbow table consists the top 1000 SSID names and a heavy load of passwords). WPA1/2-PSK is the method most widely used on WiFi networks. It uses a pre-shared key (password) to authenticate to the access point.

On large enterprises, PSK authentication simply does not fit. For example, consider a company with 1000 employees. One of the employees that knows the PSK password gets fired. The password is compromised and has to be replaced (not to mention that every employee with minor knowledge can extract the PSK from his/hers computer) – that is a big deal.

Read more of this post

Advertisements

Google authenticator – Securing your Google accounts and your favorite Linux

Google authenticator is a Google project implementing TFA (Two Factor Authentication). TFA is a way (as the name suggests) to authenticate with two factors. When you authenticate to GMail with only a username and password, that’s called a one factor authentication (the password). If your password has been compromised, anyone who knows your password can gain access to your GMail account, accessing all your private data there.

Read more of this post