In the previous blog about PSK authentication in general, I discussed how weak PSK is against dictionary attacks and social engineering. Sadly, not all the devices support EAP authentication in enterprise environments, and even if it is not recommended to use PSK in an enterprise environment that may be the only option. Some Voice over …

In the blog about EAP we discussed that EAP is a very secure (depending on the method you use) authentication mechanism. Using EAP as authentication is also called WPA/WPA2 – enterprise. As the name said, you should use this all the time in enterprise environments. Another option is pre-shared keys (PSK) which is called WPA/WPA2 …

RADIUS Deployments Like the different controller’s deployments, there are also different ISE deployments. Single site deployment This is a deployment when there is only one site. On this site, all the communications are done by a single RADIUS cluster and the LDAP database. Since it is a single site, everything is centralized. The queries between …

Before we dive into RADIUS, first I want to explain a little bit about LDAP. Lightweight Directory Access Protocol is a protocol that is used for directory services over an IP network. It is possible that the RADIUS server has a database with user accounts for authentication, but most of the time it uses an …

As mentioned in the authentication blog, the Authentication Server (AS) and the Supplicant need to talk to each other with the same EAP protocol. The AS has also a server certificate which is used for two purposes. First it is used to show the supplicant that this server is the right server to send your …

It doesn’t matter how strong the authentication is, it always comes back to three categories. – Something you know – Something you have – Something you are An example of something you know is a password for a PSK WLAN. Something you have can be the laptop that is part of the active directory or …