Re: PEAP-TLS vs EAP-TLS



Thanks for your reply, Steve.

My query wasn't about cost/benefit analysis -- your comments about TCO are
correct of course, but without some measure of relative protocol
"secureness", it's hard to tell whether additional effort is worthwhile.

It sounds like you're disagreeing with Microsoft's documentation, which
clearly states that "the entire EAP conversation might be sent as clear text
(unencrypted)". My nominal understanding is that the difference between EAP
and PEAP is that PEAP is a two-step process where 1) the RADIUS server is
authenticated to the client via the RADIUS server's certificate, and then an
encrypted TLS channel is set up for 2) client authentication (either using
MS-CHAP v2 for username/passwords, or PEAP-TLS for client certificates),
whereas EAP is a one-step process that doesn't use an encrypted TLS channel,
and only certificates (EAP-TLS) are available. Of course certificates are
encrypted, but other parts of the communication in EAP may be cleartext -- so
I can see your statement that the entire conversation is not cleartext,
because certificates are not cleartext -- I think the doc is saying
everything else is cleartext. (So, it makes sense that PEAP is required for
username/password type of authentication.)

It sounds like my question has been answered to some extent; that is, that
the protocols from most secure to least is PEAP-TLS, EAP-TLS, PEAP-MS-CHAP
v2. But I wonder how much more secure PEAP-TLS is than EAP-TLS, and how much
more secure EAP-TLS is than PEAP-MS-CHAP v2. Then I can consider whether the
extra cost is worth it, depending on the situation.

Steve

"Steven L Umbach" wrote:

The documentation is correct in the order of being most secure though most
secure is not always the best for an organization as another method may be
secure enough and much easier to implement, manage, and cost less and cost
is ALWAYS a consideration so that funds can be best allocated. What you are
confusing here is that EAP and EAP-TLS are not the same. EAP-TLS absolutely
does not allow authentication to be done in clear text. Certificate
authentication is extremely strong. When certificates are used the
user/computer is sent a challenge that is a message encrypted with their
public key which can only be decrypted by their private key. --- Steve



"mobilemobile" <mobilemobile@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4EEEC0C3-68DE-4E30-A273-9FBD52F8395F@xxxxxxxxxxxxxxxx
(I placed 2 copies of this question in thread.)

In Microsoft's doc WiFi_Security.doc (from
http://www.microsoft.com/downloads/details.aspx?familyid=67FDEB48-74EC-4EE8-A650-334BB8EC38A9&displaylang=en
-- IEEE 802.11 Wireless LAN Security with Microsoft Windows), in the
Recommended Security Configurations section, they rate EAP-TLS vs
PEAP-MS-CHAP v2:

<quote>
The following are the recommended combinations of encryption and
authentication for secure wireless networking in an organization, from the
most to the least secure:
· WPA2/AES and EAP-TLS
· WPA2/AES and PEAP-MS-CHAP v2
· WPA/TKIP and EAP-TLS
· WPA/TKIP and PEAP-MS-CHAP v2
</quote>

Also, in the PEAP-MS-CHAP v2 Authentication section:

<quote>
Although EAP provides authentication flexibility through the use of EAP
types, the entire EAP conversation might be sent as clear text (unencrypted).
A malicious user with access to the media can inject packets into the
conversation or capture the EAP messages from a successful authentication for
analysis. This is especially problematic for wireless connections, in which
the malicious user can be located outside of your business. EAP occurs during
the IEEE 802.1X authentication process, before wireless frames are encrypted
with WEP.

Protected EAP (PEAP) is an EAP type that addresses this security issue by
first creating a secure channel that is both encrypted and
integrity-protected with TLS.
</quote>

So it seems that this document is saying that PEAP's better than EAP, and
EAP-TLS is better than PEAP-MS-CHAP v2, so I'd extrapolate that to PEAP-TLS
is the best.

Am I wrong about this? Are the statements in the Microsoft doc inaccurate?

Steve



"Guy Teverovsky" wrote:

Steve,

Take a look at the "Securing Wireless LANs with Certificate Services"
solution:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB639B3-010B-47E7-B234-A27CDA291DAD&displaylang=en
It covers the deployment of PEAP with digital certificates (what you are
referring to as PEAP-TLS).

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/pkiwire/swlan.mspx?mfr=true
also has some useful links that cover the topic.

I remember I too was having a hard time digging through the docs, but the
moment you know the title of what you are looking for, Google is right on
the nail ;)

Guy
--
Smith & Wesson - the original point and click interface
http://guy.netguru.co.il


"Steven L Umbach" wrote:

Whew. Thanks again.

My interest was piqued by this whole thread and I spent a bit of time
reading Microsoft documentation trying to get this whole thing clear in my
head. There is little reference and nothing I could find on deploying
PEAP-TLS as MS docs pretty much all were about PEAP-MSCHAPV2 or generally
referred to just as PEAP. For the benefit of the OP I would say that
PEAP-MSCHAPV2 can be very secure assuming best practices are being followed
for enforcing complex passwords and users take reasonable steps to protect
their passwords. Of course user certificate authentication used in PEAP-TLS
when properly configured will have an advantage over password authentication
in that an attacker could not authenticate as the user even knowing the
user's password if a user certificate was required though the attacker
certainly could do damage via a non wireless logon if that was possible.
Using smart cards and requiring their use for logon would mitigate password
risk in any case. Reading back I think the original confusion was about PEAP
being more secure than EAP for wireless which it is but when compared to
EAP-TLS [not to be confused with EAP] they both use a secure channel to the
IAS server for user authentication. --- Steve


"Guy Teverovsky" <guyt@xxxxxxxxxxxxx> wrote in message
news:9D92E129-C39D-436B-9284-8DBE6571097F@xxxxxxxxxxxxxxxx
and did not know that PEAP-TLS requires a computer certificate also on the
client computer.

Maybe I was not quite clear. When using PEAP (either MSCHAPv2 or digital
certs/smart card) you have a choice to authenticate either as user account
(the user logged on) or as computer (you authenticate the computer and let
any user logged on to use the link).
When using PEAP-MSCHAPv2 the only certificate required on the client is the
certificate chain of the CA that issued the RADIUS server certificate - no
client certificate is required.

When using PEAP-TLS, and authenticating as user, the user account needs to
have a client certificate (the computer does not).
When authenticating as computer, the computer needs to have a client
certificate (the user does not).

Guy
--
Smith & Wesson - the original point and click interface
http://guy.netguru.co.il


"Steven L Umbach" wrote:

Thanks for clarifying that. I was under the impression that PEAP-TLS
was
using PEAP and that the user authenticated with smart card or user
certificate and did not know that PEAP-TLS requires a computer
certificate
also on the client computer. --- Steve


"Guy Teverovsky" <guyt@xxxxxxxxxxxxx> wrote in message
news:901426F1-1C12-47FC-BAEB-A38922F10F76@xxxxxxxxxxxxxxxx
Steve, there are two versions of PEAP. In general, PEAP uses TLS for server
authentication and tunnels another authentication protocol inside the TLS
session.
PEAP-MS-CHAPv2 uses TLS for server authentication (Radius server requires a
cert) and user/password pair for client authentication.
What you refer to as PEAP-TLS in Microsoft documentation is referred to as
"PEAP with digital certificates" and it uses certs for BOTH server and client
authentication, while another TLS session (client authentication) is tunneled
inside the original TLS session used for server (RADIUS) authentication.

In fact PEAP with digital certificates is very similar to EAP-TLS from the
security and usability point of view. The major difference is the fact that
when using PEAP with digital certificates for user authentication you can use
some Microsoft specific extensions/features.

--
Smith & Wesson - the original point and click interface
http://guy.netguru.co.il
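Guy's layering description above, together with the Microsoft passage quoted earlier in the thread about a bare EAP conversation travelling as clear text, can be made concrete by modelling which messages of each method a passive capture of the 802.1X frames can actually read. The following is an added illustration written for this page; it is not Microsoft's code, not any supplicant's code, and not part of the original thread. It assumes a TLS 1.2-style handshake (Certificate messages are exchanged before session keys exist, so they are readable in a capture), and the message names and identities are constructed for the model rather than taken verbatim from the RFCs.

```python
"""Model of what a passive listener on the 802.1X uncontrolled port can read
for each authentication method discussed in this thread.

Added illustration, not Microsoft's or any supplicant's code.  Assumptions:
a TLS 1.2-style handshake in which Certificate messages are sent before the
session keys exist; PEAP's outer EAP identity is whatever the client puts in
EAP-Response/Identity.  Message names and identities are constructed.
"""
from dataclasses import dataclass
from typing import List

# Protection level of a message, as seen by someone capturing 802.1X frames.
CLEAR = "clear"              # plain EAP frame on the air; no key exists yet
HANDSHAKE = "tls-handshake"  # outer TLS handshake message; unencrypted in TLS 1.2
TUNNEL = "tunnel"            # carried inside an established TLS tunnel


@dataclass(frozen=True)
class Msg:
    name: str
    protection: str


def eap_tls(identity: str) -> List[Msg]:
    """EAP-TLS: one TLS handshake with mutual certificate authentication."""
    return [
        Msg(f"EAP-Identity={identity}", CLEAR),
        Msg("ServerCertificate", HANDSHAKE),
        Msg("ClientCertificate", HANDSHAKE),   # readable: no tunnel exists yet
        Msg("CertificateVerify", HANDSHAKE),
        Msg("Finished", TUNNEL),
        Msg("EAP-Success", CLEAR),
    ]


def peap_mschapv2(outer_identity: str, inner_identity: str) -> List[Msg]:
    """PEAP-MS-CHAPv2: server-only TLS, then MS-CHAPv2 inside the tunnel."""
    return [
        Msg(f"EAP-Identity={outer_identity}", CLEAR),
        Msg("ServerCertificate", HANDSHAKE),
        Msg("Finished", TUNNEL),
        Msg(f"EAP-Identity={inner_identity}", TUNNEL),
        Msg("MSCHAPv2-Challenge", TUNNEL),
        Msg("MSCHAPv2-Response", TUNNEL),
        Msg("EAP-Success", CLEAR),
    ]


def peap_tls(outer_identity: str) -> List[Msg]:
    """PEAP with digital certificates: a second TLS session inside the first."""
    return [
        Msg(f"EAP-Identity={outer_identity}", CLEAR),
        Msg("ServerCertificate", HANDSHAKE),
        Msg("Finished", TUNNEL),
        Msg("ClientCertificate", TUNNEL),      # inner handshake rides in the tunnel
        Msg("CertificateVerify", TUNNEL),
        Msg("EAP-Success", CLEAR),
    ]


def bare_eap_mschapv2(identity: str) -> List[Msg]:
    """EAP-MS-CHAPv2 with no PEAP tunnel: the case the Microsoft doc warns about."""
    return [
        Msg(f"EAP-Identity={identity}", CLEAR),
        Msg("MSCHAPv2-Challenge", CLEAR),
        Msg("MSCHAPv2-Response", CLEAR),
        Msg("EAP-Success", CLEAR),
    ]


def readable_by_listener(flow: List[Msg]) -> List[str]:
    """Names of the messages a passive capture can read in full."""
    return [m.name for m in flow if m.protection in (CLEAR, HANDSHAKE)]


def client_cert_visible(flow: List[Msg]) -> bool:
    """True if the client certificate (and so the user's or computer's name)
    travels where a capture can read it."""
    return "ClientCertificate" in readable_by_listener(flow)


def confidential(flow: List[Msg], validates_server_cert: bool) -> List[str]:
    """Messages that actually stay confidential.  The tunnel only helps when
    the client validates the RADIUS server certificate; if it does not, the
    tunnel could terminate at an untrusted server, so nothing inside it may
    be counted as protected."""
    if not validates_server_cert:
        return []
    return [m.name for m in flow if m.protection == TUNNEL]


if __name__ == "__main__":
    flows = {
        "EAP-TLS": eap_tls("alice"),
        "PEAP-MS-CHAPv2": peap_mschapv2("anonymous", "alice"),
        "PEAP with digital certificates": peap_tls("anonymous"),
        "bare EAP-MS-CHAPv2": bare_eap_mschapv2("alice"),
    }
    for label, flow in flows.items():
        print(f"{label:32} readable: {readable_by_listener(flow)}")
```

Running the model shows the practical difference the thread is circling around: in EAP-TLS the client certificate is part of the outer handshake and is readable in a capture, while in PEAP with digital certificates it is sent inside the already established tunnel, and with a bare (untunnelled) EAP method the MS-CHAPv2 exchange itself is on the air. The `confidential` check also encodes the condition Steve mentions about trusting the IAS server certificate: a PEAP tunnel whose server end the client never validated protects nothing.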


"Steven L Umbach" wrote:

In my opinion that part of the article is wrong and I believe it is
referring to EAP-TLS when it talks about certificates for BOTH user and
computer. TLS is used when the user uses MSCHAPV2 for authentication which
is why the IAS server needs a certificate so that the wireless client can
set up the secure TLS tunnel before the user authenticates. The article in
the link below may shed some light on the subject. I believe that PEAP can
be referred to as both PEAP-TLS and PEAP-MSCHAPV2 though if the user uses
PEAP and a user certificate/smart card instead of user credentials then
MSCHAPV2 will not be used and then maybe that would be PEAP-TLS. You will
see that when you configure 802.1x on a computer as you go to the adapter's
network properties/authentication and select PEAP and then go to properties
select authentication method there are two choices - secured password
(EAP-MSCHAPV2) or smart card or other certificate. --- Steve

http://www.microsoft.com/technet/itsolutions/network/wifi/peap.mspx

"mobilemobile" <mobilemobile@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:310B6CA6-7E0B-4C4A-8D70-4A3CDFE27F49@xxxxxxxxxxxxxxxx
Thanks for your reply, Steve.

Here's a snip from
http://www.microsoft.com/technet/community/columns/cableguy/cg1202.mspx:

"Protected EAP (PEAP) is an authentication method that uses TLS to enhance
the security of other EAP authentication methods. PEAP for Microsoft 802.1X
Authentication Client provides support for TLS (PEAP-TLS), which uses
certificates for both server authentication and client authentication; and
Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP
v2), which uses certificates for server authentication and password-based
credentials for client authentication."

I think this means that there's a PEAP-TLS that's separate from EAP-TLS and
PEAP-MS-CHAP v2, but there seems to be very little (or no) discussion about
the benefits of PEAP-TLS relative to EAP-TLS.

Steve

"Steven L Umbach" wrote:

I forgot to answer one of your questions. Since EAP-TLS requires that
computer and user have certificates then you can also control what computers
can access your wireless network - those that have computer certificates.
You can't do that with PEAP-TLS if that is a concern. The user only needs
credentials to access the wireless network and to trust the certificate on
the IAS server. --- Steve


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message


