"Dave S." <please-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello All,
>
> I'm in the process of designing a wireless solution using WPA and
> RADIUS (actually the MS implementation, IAS) and I've been told that
I
> should consider VPN as an additional safeguard.
>
> Since WPA protects both the authentication handshake and the
> subsequent data transfer, there is no PSK configured on the clients,
> and to date (at least to my knowledge) WPA has not been cracked, I
> feel that a requirement to have users tunnel through VPN is
extraneous
> and only adds administrative overhead both in the management of the
> VPN concentrator device and the configuration and management of the
> client software necessary on the enduser computers.
>
> Am I reasonably on-track with my assessment, or are there WPA
> vulnerabilities that I am failing to consider which may warrant the
> additional security afforded by a VPN?
>
> Any advice is appreciated!
> -Dave
I think the key is using a strong authentication method. Using 802.1x
with
EAP and a STRONG authentication protocol such as EAP-PEAP or EAP-TLS
or Funks EAP-TTLS. The user credentials are tunneled making it near
impossible
to collect user information. This combined with Dynamic Key Rotation
and AES
make for a very good security solution. I think VPNs have their place,
but not
necessarily in wireless. There are those that will disagree, but they
have probably
not yet become familiar enough with 802.11.i to feel comfortable. You
have to
realize, that wireless is greek to most network administrators,
therefore
sticking with wired ways gives them a warmer fuzzy feeling.
Similar Threads
Linear Mode
