Say I was considering using 802.1X with PEAP-MSCHAPv2 for authenticating to the network instead of a PSK, but some devices only supported using TLS 1.0 for the tunnel. I'm not very familiar with the handshake process for using a PSK, but I know it's considerably different than the tunnel process used by PEAP.
I know having a unique login for each device/user means 802.1X is generally considered "more secure" than PSK on that point alone, but I'd imagine that obviously presumes the tunnel is secure. So I'm curious if anyone could weigh in on the security-related benefits/trade-offs of using a PSK for the whole network vs. 802.1X where some devices will exchange credentials via a TLS 1.0 tunnel.
No comments:
Post a Comment