"Don't worry, it'll get worse" Thx for the video too. I can't wait to ask my college for permission to do this!
@davidibrahim78094 жыл бұрын
Nice video Herman. Just want to confirm something. During EAP-PEAP, what certificate does the server send from ClearPass to the client for validation? Is it the HTTPS server or RADIUS/EAP server certificate?
@KevinEzraTV4 жыл бұрын
it sends the radius cert
@KevinEzraTV4 жыл бұрын
Hi Herman, I have seen the ssid cert warnings even when I have added the genuine server's radius cert in clients trust list. Is the way to prevent certificate warning. Should we get a public signed cert for radius or will we be able to prevent it by using domain signed certs(present in clients trust list). OR is it like https certs where we should use fqnd for common name.
@hermanrobers4 жыл бұрын
Kevin, the only way not to see these RADIUS server certificate warnings is to pre-configure the SSID on the client. With WiFi there is only the SSID name, so not really a way to validate that you are connecting to a trusted network. Check this write up for some deeper explanation: blogs.arubanetworks.com/industries/trust-at-first-sight/
@KevinEzraTV4 жыл бұрын
@@hermanrobers Thank you very much for the clarification.
@solollove19934 жыл бұрын
Hello I wanted just to ask what can someone do if you found that your wifi was attacked using this method
@hermanrobers4 жыл бұрын
If you find you are attacked, you will need to change the passwords for the compromised accounts, as well as see if there were successful accesses to your network and see where attackers went and did. Consider that the attackers have had the same access to your network as the attacked accounts.
@fernandogrin76073 жыл бұрын
@@hermanrobers sólo en personas te puedo ablar puedo yegar aya
@fernandogrin76073 жыл бұрын
Yegare
@fernandogrin76073 жыл бұрын
Boy aya
@alipentester26686 жыл бұрын
tnx a lottt
@bschlueter6 жыл бұрын
Is it possible to fake the server certificate?
@hermanrobers6 жыл бұрын
Good question. I the perfect world, where the certificate is validated against a public trusted root, it is not. However when you fabricate your certificates you can put anything in and if people see the information at all, the uneducated user will click if they see their company name, a well known provider name or something that states secure in it. Bottom line, unless you can completely lock down a client device to only trust specific certificates from specific certificate authorities, the user is the weakest link which is likely to fail.
@naveensr88886 жыл бұрын
Hi bro... In my university they are providing 802.1x EAP WiFi connection for laptops after the registration of Mac address only how to hack and connect my phone.....give me some ideas
@hermanrobers6 жыл бұрын
Best would be to contact your network administrator and have the MAC address of your phone registered.
@doyled017 жыл бұрын
how do i protect myself from this
@hermanrobers7 жыл бұрын
Excellent question. This is covered in the last part of video 2: kzbin.info/www/bejne/iZnVZqt8e6ysn6Mm47s. In summary: don't use PEAP-MSCHAPv2 unless you have full control over the client. If you are using it today, plan to move to other authentication methods where EAP-TLS is the most logical option. Check the other video.
@doyled017 жыл бұрын
at work i connect to 802.1x eap Peap with a user name and password. we dont have IT as its a contract compnay and only come in if there is problems with wifi. any other way to secure it & how secure is what i am using