Herman Robers has been in networking and security since 1999. After being in the field as a security engineer and consultant for over 12 years, he joined Aruba Networks in 2011 as a Systems Engineer for the Benelux region. As an SE, Herman works actively with partners and end-users to get the maximum out of the technology. Herman is now part of the HPE Aruba EMEA team as a Mobility Systems Engineer with a focus on Mobility, ClearPass, and Security.
EAP-PEAP provides a very convenient way for Wireless network authentication and is widely used because is integrates smoothly with Active Directory Single-Sign-On. However the underlying authentication protocol MSCHAPv2 has been broken, and should not be used anymore. However in EAP-PEAP, if configured correctly, that weakness can be mitigated. This talk explains why you should, or should not use MSCHAPv2 in Wireless LAN.