EAP-PEAP-MSCHAPv2: Why should I (not) use it? - Part 1 -

  • Published: 28 Jan 2025

Comments • 20

  • @PictoKai 3 months ago +1

    "Don't worry, it'll get worse"
    Thx for the video too. I can't wait to ask my college for permission to do this!

  • @davidibrahim7809 4 years ago

    Nice video Herman. Just want to confirm something. During EAP-PEAP, what certificate does the server send from ClearPass to the client for validation? Is it the HTTPS server or RADIUS/EAP server certificate?

    • @KevinEzraTV 4 years ago +1

      It sends the RADIUS cert.

  • @solollove1993 4 years ago

    Hello, I just wanted to ask what someone can do if they found that their Wi-Fi was attacked using this method.

    • @hermanrobers 4 years ago

      If you find you are attacked, you will need to change the passwords for the compromised accounts, as well as see if there were successful accesses to your network and see where attackers went and what they did. Consider that the attackers have had the same access to your network as the attacked accounts.

    • @fernandogrin7607 3 years ago

      @hermanrobers Only in person can I talk to you, I can get there

    • @fernandogrin7607 3 years ago

      I'll get there

    • @fernandogrin7607 3 years ago

      I'm going there

  • @KevinEzraTV 4 years ago

    Hi Herman, I have seen the SSID cert warnings even when I have added the genuine server's RADIUS cert to the client's trust list. Is there a way to prevent the certificate warning?
    Should we get a publicly signed cert for RADIUS, or will we be able to prevent it by using domain-signed certs (present in the client's trust list)? Or is it like HTTPS certs, where we should use the FQDN for the common name?

    • @hermanrobers 4 years ago +1

      Kevin, the only way not to see these RADIUS server certificate warnings is to pre-configure the SSID on the client. With WiFi there is only the SSID name, so not really a way to validate that you are connecting to a trusted network. Check this write up for some deeper explanation: blogs.arubanetworks.com/industries/trust-at-first-sight/

    • @KevinEzraTV 4 years ago

      @hermanrobers Thank you very much for the clarification.

  • @bschlueter 6 years ago

    Is it possible to fake the server certificate?

    • @hermanrobers 6 years ago +1

      Good question. In the perfect world, where the certificate is validated against a public trusted root, it is not. However, when you fabricate your certificates you can put anything in, and if people see the information at all, the uneducated user will click if they see their company name, a well-known provider name or something that states secure in it. Bottom line: unless you can completely lock down a client device to only trust specific certificates from specific certificate authorities, the user is the weakest link, which is likely to fail.

  • @naveensr8888 7 years ago +1

    Hi bro... In my university they are providing 802.1X EAP Wi-Fi connection for laptops after the registration of the MAC address only. How to hack and connect my phone... Give me some ideas.

    • @hermanrobers 7 years ago +1

      Best would be to contact your network administrator and have the MAC address of your phone registered.

  • @doyled01 7 years ago

    How do I protect myself from this?

    • @hermanrobers 7 years ago

      Excellent question. This is covered in the last part of video 2: ruclips.net/video/Shr5xFFGyiA/видео.htmlm47s. In summary: don't use PEAP-MSCHAPv2 unless you have full control over the client. If you are using it today, plan to move to other authentication methods where EAP-TLS is the most logical option. Check the other video.

    • @doyled01 7 years ago

      At work I connect to 802.1X EAP-PEAP with a user name and password. We don't have IT as it's a contract company and they only come in if there are problems with Wi-Fi. Any other way to secure it, and how secure is what I am using?

  • @alipentester2668 6 years ago

    Thanks a lot