simple question about EAP authentication


We know that we need a certificate to be present on the RADIUS server (ISE in this case) if we use PEAP as the outer method. That means that the client needs to validate the server's identity through this certificate. But in the CCNP Sec SISAS videos taught by Cristian, he said we can clear the "Validate Server Certificate" checkbox on the Properties page of the NIC on the Windows machine to prevent the user from validating the server's certificate. Why?


  • Hi

    You shouldn't clear the checkbox, because from a security perspective it's dangerous and could lead to MITM attacks where the attacker can sniff your credentials. The checkbox helps the endpoint validate and make sure that the RADIUS server is trusted for tunnel encryption.

    I think he did it only to bypass the validation process, because it can be painful sometimes in the lab.

