You must have very small Deer in the US.
US deer are grazers so their heads tend to be low to the ground despite standing much taller. We dont have carnivorous deer that go for our hearts like you seem to have in Germany.
Aha, so you missed the original quote, i'll try bolding the relevant parts this time.
Also, WPA2-Enterprise is pretty secure if you only use TLS auth, not TTLS where you use a username/password combo (too easy for a MITM)
I was specifically replying to that part, as TLS and TTLS both have the same degree of mitm vulnerability with properly configured clients.
If the server cert fails in TLS or TTLS then MITM is a possibility, you dont need the username/password or client cert to mitm a TLS connection, just the server cert.
Actually for that matter wouldnt a compromised server certificate leave you vulnerable to a proxy attack anyway where you would use the compromised server cert to pretend to be the access point communicating with the proper radius server thus giving MITM on TLS or TTLS the same? You might not get the actual client cert on TLS but you would have their traffic all the same.
If server cert validation has failed chances are your CA was compromised, in which case the attacker could just generate client certs at will anyway....
not TTLS where you use a username/password combo (too easy for a MITM)
TTLS properly configured is no easier to MITM than properly configured TLS, you should be using server cert validation with either.
Not to mention hardware cost, server license cost, maintenance cost...etc.
I dont think a cert server works the way you think it does.
I mean technically it has costs... but theres not a lot of reason you can't use a $300 convertible tablet pc handle your ca cert virtually indefinitely, it doesn't have to be turned on after you finish signing certs until its time to sign another batch...
Cop executing search warrant: "it's asking for a password"
Wouldn't the cop executing the search warrant have just lost the case at this point? Seems to be dicking around on computers containing evidence outside of a forensics lab would ruin the chain of custody.
If Comcast was doing the Google Fiber setup, it would be more like 4tb of customer bandwidth sharing 4tb of "node" bandwidth.
Also to clear this up google fiber is more like 256GB of customer bandwidth sharing 40gb of "node" bandwidth. Google fiber is GPON and not actual dedicated ethernet links.
All networks period are like this, theres always a bottle neck. My point was that his cable modem can indeed handle more bandwidth than his purchased connection speed.
In which case he's going to be having problems whether they turn on the wifi hotspot or not. So how is it relevant?
Looking at comcast's website the highest speed internet they offer is 105Mbps while the slowest docsis 3 modems are capable of 171mbps. Most isps are pushing 8 channel modems now which can pull over 300mbps. Comcast could offer at least 60mbps without affecting your speed in any meaningful way.
I imagine that most people don't. What percentage of home APs support 802.1x, especially integrated modem/router/APs provided by local DSL, cable, or fiber ISPs?
I've never had an integrated modem/router/AP and while I suspect those don't support it all of the home routers i've purchased in the past have supported 802.1x even before I started getting mikrotik/unifi gear. It's just called WPA-Enterprise in the settings.
is $40 a reasonable price? if so www.routerboard.com. Keep in mind that site is a product listing and site and not an actual web store, check out the how to buy link at the top to actually purchase them. Those routers can do everything from round robin connections to actual BGP. Although at the $40 price point you'd have a hard time even maxing out the 100mbit ports it has but step up to the $99 model....
There's plenty of non firsts who succeeded
iPhone, macbook, iPad, iPod iMac. Are you noticing a pattern here?
Never test for an error condition you don't know how to handle. -- Steinbach
