
With the onset of hardware like the WiFi Pineapple, it has become somewhat harder to protect the privacy of your WiFi network. WPA2 Enterprise with RADIUS authentication could come to the rescue here, but it offers a variety of different methods that differ from one another. PEAP, LEAP, TLS, Tunneled TLS all offer different levels of security and provide different options. So my question is:

What set of methods/techniques should be employed to ensure the client is not fooled by a man-in-the-middle attack, and can positively verify that the AP it is trying to connect to is the legitimate one? I imagine this will be done through the use of WPA2 Enterprise -> Radius authentication.

So far I have been able to:

  1. Build a Debian FreeRADIUS package with SSL enabled
  2. Configure it so it works with TTLS
  3. The AP is connecting to the Radius server fine and is able to authenticate the connecting client (users file contains the username/password combos for individual clients)

However, at this point the client machine only uses the username and password to connect, so AFAIU the MitM attack is still possible. I would envision that the solution would use a public/private key pair and the client would present some sort of a challenge to the AP, for example a random message encrypted using the public key, to which the AP would respond with the message decrypted and sent back to the client. I did some research into FreeRADIUS/OpenSSL/802.1X but the whole thing is somewhat convoluted. I was hoping someone could clarify that for me. The bottom line here is the question of how to mitigate MitM attacks on WiFi. TIA.

Konrad Gajewski
    I've found that the answers to [this](https://security.stackexchange.com/questions/35780/why-is-wpa-enterprise-more-secure-than-wpa2) question might suit yours. I hope it helps. – Philippe Delteil Mar 06 '19 at 03:34
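Added worked example (not part of the original question or any answer to it). In EAP-TTLS and PEAP the "challenge" the question imagines already exists: the outer TLS handshake authenticates the RADIUS server with its certificate and private key before the inner username/password is sent. The MitM (an evil-twin AP with its own RADIUS server) succeeds only when the client does not validate that certificate, because the attacker can always mint a certificate with the expected name on a key it controls. The script below constructs, locally and offline, a private CA, a legitimate server certificate for the assumed name `radius.example.org`, a certificate from the same CA for a different host, and a self-signed rogue certificate with the right name, then compares a naive client that only looks at the name with a supplicant that (1) chains the certificate to the one pinned CA and (2) checks the name. Those two checks are what `ca_cert` and `domain_suffix_match` in a wpa_supplicant network block do; on the FreeRADIUS side the server certificate and key go in the `tls` section of the `eap` module (`certificate_file`, `private_key_file`). All file names and the hostname are assumptions of the demo.

```shell
#!/bin/sh
# Added example, not from the original question. Simulates the server
# certificate checks a WPA2-Enterprise supplicant must perform on the
# RADIUS server's EAP-TTLS/PEAP certificate before it sends the inner
# username/password. All keys, certificates and the hostname
# radius.example.org are constructed here for the demo (assumptions).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

RADIUS_NAME="radius.example.org"      # assumed name; clients pin this
LEGIT_CERT="$WORK/legit.pem"          # issued by our private CA, right name
WRONGNAME_CERT="$WORK/wrongname.pem"  # issued by our CA, but another host
ROGUE_CERT="$WORK/rogue.pem"          # evil twin: right name, self-signed

quiet() { "$@" >/dev/null 2>&1; }

# Private CA: only the legitimate RADIUS server ever gets a cert from it.
# (Do not use a public CA here: an attacker can buy a cert for their own
# domain from the same public CA, which is why the name check also matters.)
make_private_ca() {
  quiet openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
    -subj "/CN=Example Wi-Fi Private CA"
}

# Issue a server cert from the private CA. $1 = basename, $2 = DNS name.
issue_server_cert() {
  quiet openssl req -newkey rsa:2048 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=$2"
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$2" \
    > "$WORK/$1.ext"
  quiet openssl x509 -req -days 365 -in "$WORK/$1.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/$1.ext" -out "$WORK/$1.pem"
}

# What a rogue AP + rogue RADIUS can always present: a cert carrying the
# expected name, signed by a key the attacker controls.
make_rogue_cert() {
  quiet openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/rogue.key" -out "$ROGUE_CERT" -subj "/CN=$RADIUS_NAME"
}

# A client that checks only the name (or nothing at all) behaves like this:
# it accepts the rogue certificate. $1 = certificate presented by the "AP".
naive_client_accepts() {
  openssl x509 -noout -subject -in "$1" 2>/dev/null | grep -q "$RADIUS_NAME"
}

# The two checks a hardened supplicant performs (ca_cert plus
# domain_suffix_match in wpa_supplicant terms): the cert must chain to the
# ONE pinned CA, and its name must match the expected RADIUS server name.
supplicant_accepts() {
  out=$(openssl verify -CAfile "$WORK/ca.pem" \
          -verify_hostname "$RADIUS_NAME" "$1" 2>&1) || true
  case "$out" in
    *": OK") return 0 ;;   # "<file>: OK" is printed only when both pass
    *)       return 1 ;;
  esac
}

make_private_ca
issue_server_cert legit "$RADIUS_NAME"
issue_server_cert wrongname "guest.example.org"
make_rogue_cert

for cert in "$LEGIT_CERT" "$WRONGNAME_CERT" "$ROGUE_CERT"; do
  if naive_client_accepts "$cert"; then naive=accepts; else naive=rejects; fi
  if supplicant_accepts "$cert"; then hard=accepts; else hard=rejects; fi
  printf '%-14s naive client %-8s hardened supplicant %s\n' \
    "$(basename "$cert")" "$naive" "$hard"
done
```

The run shows the rogue certificate accepted by the naive client and rejected by the hardened one, and the same-CA/wrong-name certificate rejected only because of the name check. For TTLS specifically, also set `anonymous_identity` on the client so the real username travels only inside the validated tunnel, and never let clients be provisioned with "do not validate certificate": that single setting is what turns a WiFi Pineapple into a working credential harvester against WPA2 Enterprise.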

0 Answers