Re: RADIUS/IAS Requests to Active Directory

=?Utf-8?B?SmVyZW15IFJldml0Y2g=?=
<JeremyRevitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:7B83769F-16B2-483F-A58A-FF67BF3C5BCD@xxxxxxxxxxxxx:

The RADIUS device is configured to send requests PAP. The RADIUS
request to IAS is MD5/PAP since it is RADIUS at all right? I thought
the the PAP/MD5 combination resulted in a higher level of security.

snip<

Keep in mind that the RADIUS protocol is used only between RADIUS clients
and RADIUS servers/proxies.

In other words, the RADIUS protocol is *not* used between the access client
and the network access server/RADIUS client, so traffic between the two is
not protected by RADIUS.

The other poster is correct that authentication methods that use
certificates are the most secure. If you are deploying wireless, PEAP-MS-
CHAP v2 is recommended, if VPN or 802.1x wired, EAP-TLS is recommended.

Here are some documentation resources for you if you are interested:

"Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows"
at
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx

"Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows" at
http://www.microsoft.com/downloads/details.aspx?FamilyID=05951071-6b20-
4cef-9939-47c397ffd3dd&DisplayLang=en

"The Advantages of Protected Extensible Authentication Protocol (PEAP): A
Standard Approach to User Authentication for IEEE 802.11 Wireless Network
Access" http://www.microsoft.com/downloads/details.aspx?familyid=05951071-
6b20-4cef-9939-47c397ffd3dd&displaylang=en

"Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home
Office or Small Organization Networks" at
http://www.microsoft.com/downloads/details.aspx?familyid=269902e8-fc41-
4eb1-9374-44612e64f0fb&displaylang=en


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
.

Loading