I understand that a TLS has to be established between the supplicant (end user device) and the auth server, but a few things are unclear:
- How does the supplicant know the IP address of the auth server?
- The supplicant is not granted access yet it has to communicate with TLS; does that mean it is granted a temporary local IP address and only requests to the auth server are forwarded via usual NAT by the access point?
- How does the supplicant authenticate the server? If I were connecting to a website, I would check the common name (and that the chain is correct up to a root CA certificate I have), but what would the supplicant check for in common name (subject)?
What difference can we observe when connecting using the certificate generated using the RADIUS and the credentials that we define in RADIUS like username & password?
We are sorting our logging and I am deciding on whether to audit JBoss EAP7. We have an application running on a 3-tier architecture (Apache/JBoss/DB).
From a security perspective, what logs would I need (if I need to collect) and how would it help?
Thanks in advance.
I have installed Omada for Linux on RPI, but the install script shows:
Can not find a VM in Java Home
/usr/lib/jvm/default-java
When attempting to run the installed daemon. Any ideas on how to solve this problem please?
I wonder how key negotiation works for WPA2 Enterprise, which uses a plain-text protocol such as EAP to authenticate the user. All the information I could find suggests that EAP is an inherently insecure authentication method for wireless communication because the credentials are sent wirelessly in plain text. On this basis, I also assumed that not only the credentials would be affected, but also the entire session! Of course, some questions appeared in my mind:
- How would the NAS and supplicant secretly agree on a common key if there is no secret?
- If there is a way to arrange a secret common key, why don't the NAS and the supplicant use the traffic before the authentication step, so that the credentials are not forwarded in plain text in the open?
- In what ways are the NAS and supplicant supported by the RADIUS server to negotiate the shared secret when using a secure protocol such as PEAP?
- For example, suppose EAP uses a shared secret to authenticate the supplicant. Why is this shared secret not being used by the NAS and the supplicant to derive a shared key? (I think WPA2-PSK uses a shared secret to negotiate keys.)
I have a Huawei P9 Lite. I cannot change the EAP in Sim. I used to have a Samsung and before I connected to a Wi-Fi connection, I would be able to change my EAP, but it automatically connects to my Huawei. Can someone help me?