Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Basic questions about RADIUS authentication

from [VI] Network Security [Permanent Link]
Subject: Basic questions about RADIUS authentication
Date: Sun, 21 Nov 2004 01:45:15 +0200 
Hi all,


From what I have read (and understood) about RADIUS authentication, in the

first phase, the NAS communicates with the RADIUS server thru using
pre-shared keys. 

Q.1- Is it not possible to sniff this communication and launch a dictionary
attack?

After the user is authenticated, RADIUS server creates and sends the user
and the NAS session keys.

Q.2- Is it not possible in this instance to launch a man-in-the-middle
attack?

And lastly,

Q.3- How is the data (userids and passwords) secured in the RADIUS server?
Is it not possible to launch an attack at the RADIUD server database?

I know these questions are very basic, but I hope they are not stupid.:-)

Thanks for answers,
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Securing Printers, Herbold, John W.
Next by Date:  RE: Securing Printers, Corey Watts-Jones
Previous by Thread:  Changing IP address as standard user, W W
Next by Thread:  Re: Basic questions about RADIUS authentication, Bulgaria Online - Assen Totin
Indexes:  [Date] [Thread] [Top] [All Lists]