1

Our wireless network previously used a preshared WPA/WPA2 key for guest access, which allows them access to the Internet. (Our employee access uses 802.1x authentication.) We just had a wireless consultant come in to fix various wireless issues we had; one of the things he wound up doing was changing our guest access to HTML-based instead of the preshared key. So now that guest SSID is open (instead of using WPA) and users are presented with a browser-based login screen before they can get on the Internet.

My question is: Is this an acceptable method from a security standpoint? I would assume that having an open network is necessarily a bad idea, but the consultant said that the traffic is still using PEAP, so it's secure. I didn't get a chance to question him further on this because we ran late and a bunch of other things came up.

Please let me know what you think about the advantages/disadvantages of using HTML-based wireless authentication as opposed to using a preshared WPA key. Thanks...

johnnyb10
  • Is the wireless network segregated from your production network? If so, then security really isn't an issue. If it isn't, then I would suggest contacting the consultant for a post-engagement follow-up to answer your questions. – joeqwerty May 14 '10 at 12:30

2 Answers

2

It's not secure (compared to your previous setup), as you are not protected from traffic sniffing. In fact, if you have plain-text HTTP (not SSL-secured), someone can sniff your passwords and get access to your AP.

eject
0

You only get access control through the HTML auth. With the preshared key, you also have encryption for the traffic passing from the client to the access point.

lepole
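Whether an SSID encrypts client-to-AP traffic can be read from what its beacons advertise: a WPA2 network carries an RSN information element listing its key-management suites (PSK or 802.1X), while an open captive-portal SSID carries none. The sketch below is an added example, not code from any poster in this thread; the sample beacon bytes and the SSID name are constructed, and the privacy flag is assumed to have been read from the beacon's capability field already.

```python
import struct

RSN_ELEMENT_ID = 48                    # RSN information element (WPA2)
IEEE_OUI = b"\x00\x0f\xac"             # OUI used by the standard suite selectors
AKM_NAMES = {1: "802.1X", 2: "PSK"}    # AKM suite type -> key management

def parse_rsn_akms(ies):
    """Walk the tagged elements of a beacon; return AKM names from the RSN element."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2 : pos + 2 + length]
        pos += 2 + length
        if eid != RSN_ELEMENT_ID or len(body) < length:
            continue                   # not RSN, or truncated: skip it
        off = 6                        # skip version (2) + group cipher suite (4)
        if off + 2 > len(body):
            return []
        (n_pairwise,) = struct.unpack_from("<H", body, off)
        off += 2 + 4 * n_pairwise      # skip the pairwise cipher suite list
        if off + 2 > len(body):
            return []
        (n_akm,) = struct.unpack_from("<H", body, off)
        off += 2
        akms = []
        for _ in range(n_akm):
            suite = body[off : off + 4]
            off += 4
            if len(suite) == 4 and suite[:3] == IEEE_OUI:
                akms.append(AKM_NAMES.get(suite[3], "AKM-%d" % suite[3]))
        return akms
    return []                          # no RSN element present

def classify(privacy_bit, ies):
    """privacy_bit: the Privacy flag from the beacon's capability field."""
    akms = parse_rsn_akms(ies)
    if akms:
        return "encrypted link: " + "/".join(akms)
    if privacy_bit:
        return "legacy encryption (no RSN element)"
    return "open: no link-layer encryption"

def _rsn(akm_type):                    # builds a constructed RSN element (CCMP ciphers)
    ccmp = IEEE_OUI + b"\x04"
    body = (b"\x01\x00" + ccmp + b"\x01\x00" + ccmp +
            b"\x01\x00" + IEEE_OUI + bytes([akm_type]) + b"\x00\x00")
    return bytes([RSN_ELEMENT_ID, len(body)]) + body

SSID = b"\x00\x05guest"                # constructed SSID element
OPEN_PORTAL, PSK_GUEST, STAFF = SSID, SSID + _rsn(2), SSID + _rsn(1)
```

Here `classify(False, OPEN_PORTAL)` reports an open link, which is the state both answers describe: the portal login controls access, but nothing encrypts the frames between client and access point.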