VPN needed if using WPA?

Hello All,

I'm in the process of designing a wireless solution using WPA and RADIUS (actually the MS implementation, IAS) and I've been told that I should consider VPN as an additional safeguard.

Since WPA protects both the authentication handshake and the subsequent data transfer, there is no PSK configured on the clients, and to date (at least to my knowledge) WPA has not been cracked, I feel that a requirement to have users tunnel through VPN is extraneous and only adds administrative overhead both in the management of the VPN concentrator device and the configuration and management of the client software necessary on the end-user computers.

Am I reasonably on-track with my assessment, or are there WPA vulnerabilities that I am failing to consider which may warrant the additional security afforded by a VPN?

Any advice is appreciated!

-Dave


I think the key is using a strong authentication method. Using 802.1x with EAP and a STRONG authentication protocol such as EAP-PEAP or EAP-TLS or Funk's EAP-TTLS. The user credentials are tunneled, making it near impossible to collect user information. This combined with Dynamic Key Rotation and AES makes for a very good security solution. I think VPNs have their place, but not necessarily in wireless. There are those that will disagree, but they have probably not yet become familiar enough with 802.11i to feel comfortable. You have to realize that wireless is Greek to most network administrators, therefore sticking with wired ways gives them a warmer fuzzy feeling.

Airhead

--


An article about using a VPN with PPTP vulnerability.

Airhead
