RADIUS or WPA2 security mode?

Posted on 2006-10-25
Last Modified: 2013-11-12

I have a query on Wireless security that I was hoping someone could help with.

Most technical journals state that for enterprises/business, WLAN security should comprise of a RADIUS server, PEAP etc. WPA2 is reserved for SOHO.

However, what is the reason for this? Is it because maintaining a passphrase in an enterprise is too much overhead, or actually because the AES encryption used with WPA2 is insecure.

We would like to have a Wireless network in part of our office where there are only about 4-5 people. In this case, building a RADIUS server for such a small amount seems overkill when we can use WPA2 *unless* RADIUS was actually more secure.

We were thinking of a combination of WPA2, MAC address filtering and hiding the SSID, although we realise there are relatively straighforward ways to bypass the last two.

Would be interested to know people's thoughts.

Question by:Dilan77
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 15

Expert Comment

by:Jeff Perkins
ID: 17807736
The radius by design is more secure.  But wpa2 is relatively new and fairly secure, for now... but your question about insecure?  Well, let's face NOTHING in the ethernet is SECURE... I don't think anyone is beyond being hacked... you just have to weigh the risks versus costs....
LVL 77

Accepted Solution

Rob Williams earned 250 total points
ID: 17808061
Do you have an existing server to which you can add the radius service?
If you wish to use RRAS and Windows Radius server, it is fairly easy to set up.
-You need to install Radius, on the server of your choice by going to add remove programs | Windows components | Networking services | Internet Authentication Services.
-Once installed open the Internet Authentication Service under Administrative tools. Right click on "Internet Authentication Service" and "choose register service in Active directory".
-Then in the Routing and Remote Access Console, right click on the server name and choose properties, click on Security and then under Authentication Provider choose Radius Authentication in the drop down menu. Next click Configure and add your Radius server.
-In Active Directory Users and computer, under the user's profile, on the dial-in tab, make sure "control access through Remote Access policy" is checked
-Now you can add policies for authentication for your users in your Radius configuration.

The following links may be of some help:

You can also create your own radius server with a 3rd party application on an XP box using something like WinRadius:
LVL 77

Expert Comment

by:Rob Williams
ID: 17843474
Thanks Dilan77,

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question