Shared Secret Question Is RADIUS encryption/validation good enough? Primary threat is dictionary attack Attacker must have layer 2 traffic visibility In theory: Yes, if you use a strong shared secret More so if you use IPsec Proper network hygiene helps In practice: Security police cannot force strong shared secrets to be used IPsec introduces its own kind of nightmare |