In mutual authentication, as with PEAP, the client verifies a cert on the ACS and the ACS verifies the client with its credentials.
The CWSP book states that using mutual authentication will prevent an attacker from successfully causing an authenticated client to roam to a rogue AP with the same SSID that may be a laptop running AP and DHCP software during an RF jamming attack.
If the attacker's laptop additionally had ACS software running, using a self-signed certificate, why would the client not try and associate with the rogue AP?
It doesn't seem like the client cares what kind of certificate is on the ACS... it works whether the cert was generated and self-signed locally on the ACS or if it came from a CA somewhere else.
Any help regarding this type of attack and how mutual authentication prevents it would be very much appreciated.
You answered your question yourself. In Windows you can unselect "validate server cert". No certs are checked...
But if you have certs running, the server and client are checked against each other. Just because you have ACS running with a root password, doesn't mean the client cert will match up.
Reading the other questions you have posted, "what is it you are after"???!! What is the "problem statement"?
Simply put, I am trying to find out if a client that is configured to use PEAP will roam to a rogue access point during an RF jamming attack.
I have read that using mutual authentication will prevent this but I don't understand how.
I was just hoping someone would be able to explain why the client would not roam and begin trying to authenticate itself through the rogue AP.
Authentication occurs before association. If the rogue AP isn't configured properly (a rogue AP won't be properly configured for an EAP-based authentication) and the client doesn't perform an automatic open authentication to any AP, then the client will not roam to that AP.