Wireless Security Technologies
Wireless security technologies are a combination of a wireless security standard (WPA2 or WPA) and an EAP authentication method. To authenticate the computer or the user that is attempting to make a protected wireless connection, Windows Server 2008 and Windows Vista support the following EAP authentication methods:
■ EAP-TLS
■ Protected EAP (PEAP)-TLS
■ PEAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2)
EAP-TLS and PEAP-TLS are used in conjunction with a PKI and computer certificates, user certificates, or smart cards. With EAP-TLS, the wireless client presents its computer certificate, user certificate, or smart card certificate for authentication, and the RADIUS server presents its computer certificate; the client proves possession of the private key that matches its certificate, so there is no password to capture or guess. By default, the wireless client validates the RADIUS server’s certificate, and that check is what prevents the client from authenticating to a rogue access point that fronts an attacker’s RADIUS server. With PEAP-TLS, the wireless client and RADIUS server first create an encrypted TLS session, and then exchange certificates inside it. PEAP-TLS is the strongest of these methods because the client’s certificate, which names the computer or user, is exchanged inside the encrypted session rather than in the clear as it is with EAP-TLS, so an eavesdropper on the wireless medium does not learn who is connecting.
In the absence of computer certificates, user certificates, or smart cards, use PEAP-MS-CHAP v2. PEAP-MS-CHAP v2 is a password-based authentication method in which the MS-CHAP v2 challenge and response are exchanged inside an encrypted TLS session, so an attacker who captures the wireless authentication exchange cannot run an offline dictionary attack against the password. That protection depends entirely on the client validating the RADIUS server’s certificate: a client configured to skip validation will build its TLS session with any RADIUS server, including an attacker’s, and deliver the MS-CHAP v2 response inside it. Keep server validation enabled and restrict the accepted server names and issuing CA in the client profile.
Even with the protection of the TLS session, EAP-TLS and PEAP-TLS are much stronger than PEAP-MS-CHAP v2 because they authenticate with certificates and private keys rather than passwords.
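As an added example that is not part of the original text: whether a client validates the RADIUS server’s certificate is the setting that decides how much of the protection described above actually holds, for both the certificate-based methods and PEAP-MS-CHAP v2. The script below audits exported Windows WLAN profiles for that setting and reports which EAP method each profile uses. It assumes the profile XML has the shape that "netsh wlan export profile" writes; the two embedded profiles are constructed for the example, and the element names it keys on (Type, useOneX, PerformServerValidation, ServerNames, TrustedRootCA) are assumed from the Windows EAP provisioning schemas.

```python
# Added audit of exported Windows WLAN profiles. Constructed example, not from the
# book: element names are assumed from the EapHostConfig/MsPeap/EapTls schemas.
import json
import xml.etree.ElementTree as ET

EAP_TLS, EAP_PEAP, EAP_MSCHAPV2 = 13, 25, 26          # IANA EAP method type numbers
METHOD_NAMES = {EAP_TLS: "EAP-TLS", EAP_PEAP: "PEAP", EAP_MSCHAPV2: "MS-CHAP v2"}


def _local(tag):
    return tag.rsplit("}", 1)[-1]                        # drop the "{namespace}" prefix

def _find(elem, local_name):
    return next((n for n in elem.iter() if _local(n.tag) == local_name), None)

def _text(node):
    return (node.text or "").strip() if node is not None else ""

def _flag(node, default):
    return default if node is None else _text(node).lower() == "true"


def audit_profile(xml_text):
    """Return the EAP method a profile uses and any weak server-validation settings."""
    root = ET.fromstring(xml_text)
    report = {"profile": _text(_find(root, "name")),
              "authentication": _text(_find(root, "authentication")),
              "method": None, "validates_server": False, "findings": []}
    if not _flag(_find(root, "useOneX"), False):
        report["findings"].append("no 802.1X: PSK or open network, not an EAP profile")
        return report
    config = _find(root, "Config")
    if config is None:
        report["findings"].append("802.1X enabled but no EAP configuration present")
        return report
    # <Type> elements under <Config>: the outer method, then (for PEAP) the inner one.
    types = [int(_text(t)) for t in config.iter() if _local(t.tag) == "Type"]
    outer, inner = types[0], (types[1] if len(types) > 1 else None)
    report["method"] = METHOD_NAMES.get(outer, f"EAP type {outer}")
    if outer == EAP_PEAP and inner is not None:
        report["method"] = "PEAP-" + METHOD_NAMES.get(inner, f"EAP type {inner}")
        if inner == EAP_MSCHAPV2:
            report["findings"].append("password-based inner method: only as strong "
                                      "as the server validation guarding the tunnel")
    # Assumption: Windows validates the server certificate unless
    # <PerformServerValidation> is explicitly false.
    report["validates_server"] = _flag(_find(config, "PerformServerValidation"), True)
    if not report["validates_server"]:
        report["findings"].append("CRITICAL: server certificate validation disabled; "
                                  "the client will tunnel to a rogue RADIUS server")
    else:
        if not _text(_find(config, "ServerNames")):
            report["findings"].append("no ServerNames restriction on the server certificate")
        if _find(config, "TrustedRootCA") is None:
            report["findings"].append("no TrustedRootCA pinned; any trusted CA will do")
    return report


# Constructed profile: PEAP-MS-CHAP v2 with server validation switched off.
WEAK_PEAP_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>CorpWiFi</name><SSIDConfig><SSID><name>CorpWiFi</name></SSID></SSIDConfig>
<MSM><security><authEncryption><authentication>WPA2</authentication>
<encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
<EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type></EapMethod>
<Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
<Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
<ServerValidation><ServerNames></ServerNames></ServerValidation>
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type></Eap>
<PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation></PeapExtensions>
</EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>"""

# Constructed profile: EAP-TLS with server name and issuing root CA pinned.
STRONG_TLS_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>CorpWiFi-Cert</name><SSIDConfig><SSID><name>CorpWiFi</name></SSID></SSIDConfig>
<MSM><security><authEncryption><authentication>WPA2</authentication>
<encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
<EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type></EapMethod>
<Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
<Type>13</Type><EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
<CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource>
<ServerValidation><ServerNames>radius.corp.example</ServerNames>
<TrustedRootCA>constructed root CA thumbprint</TrustedRootCA></ServerValidation>
<PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</PerformServerValidation>
</EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>"""

if __name__ == "__main__":
    for profile in (WEAK_PEAP_PROFILE, STRONG_TLS_PROFILE):
        print(json.dumps(audit_profile(profile), indent=2))
```

Export the real profiles with "netsh wlan export profile" and feed each file to audit_profile. A CRITICAL finding marks a profile that will complete its TLS session with any RADIUS server; on a PEAP-MS-CHAP v2 profile that hands the password-derived response to an attacker, on an EAP-TLS profile it still exposes the client to a rogue network even though the private key cannot be stolen that way.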