Monday, October 7, 2019

FreeRADIUS EAP types

Trying to set up a RADIUS server that can be used (at some point) for WPA3-Enterprise authentication. What are the best practices for such a setup in terms of EAP type? I am seeing some threads that seem to imply EAP-TLS is required for WPA3-Enterprise, but I think I'm misinterpreting that.

I think the most secure is probably EAP-TLS with only certificates that can be revoked on each and every device, fully trusted. However, that requires a lot of implementation work - what would the most secure implementation be that does not require an installed certificate on the client device?

Between TTLS, PEAP, MSCHAPv2 - which is the most secure? From my (limited) research, it appears that some of these methods might require passwords to be stored in plaintext, but I also might be misinterpreting that. Also - which authentication type within the tunnel would be the most secure? Does anyone have some reading on this readily available? It sort of seems like a mess of legacy protocols with newer protocols that then encapsulate legacy protocols.


