Solved

RADIUS or WPA2 security mode?

Posted on 2006-10-25
3
1,355 Views
Last Modified: 2013-11-12
Hi

I have a query on Wireless security that I was hoping someone could help with.

Most technical journals state that for enterprises/business, WLAN security should comprise of a RADIUS server, PEAP etc. WPA2 is reserved for SOHO.

However, what is the reason for this? Is it because maintaining a passphrase in an enterprise is too much overhead, or actually because the AES encryption used with WPA2 is insecure.

We would like to have a Wireless network in part of our office where there are only about 4-5 people. In this case, building a RADIUS server for such a small amount seems overkill when we can use WPA2 *unless* RADIUS was actually more secure.

We were thinking of a combination of WPA2, MAC address filtering and hiding the SSID, although we realise there are relatively straighforward ways to bypass the last two.

Would be interested to know people's thoughts.

Thanks.
0
Comment
Question by:Dilan77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 17807736
The radius by design is more secure.  But wpa2 is relatively new and fairly secure, for now... but your question about insecure?  Well, let's face NOTHING in the ethernet is SECURE... I don't think anyone is beyond being hacked... you just have to weigh the risks versus costs....
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 17808061
Do you have an existing server to which you can add the radius service?
If you wish to use RRAS and Windows Radius server, it is fairly easy to set up.
-You need to install Radius, on the server of your choice by going to add remove programs | Windows components | Networking services | Internet Authentication Services.
-Once installed open the Internet Authentication Service under Administrative tools. Right click on "Internet Authentication Service" and "choose register service in Active directory".
-Then in the Routing and Remote Access Console, right click on the server name and choose properties, click on Security and then under Authentication Provider choose Radius Authentication in the drop down menu. Next click Configure and add your Radius server.
-In Active Directory Users and computer, under the user's profile, on the dial-in tab, make sure "control access through Remote Access policy" is checked
-Now you can add policies for authentication for your users in your Radius configuration.

The following links may be of some help:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/ias2000a.mspx
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/ias2000d.mspx
http://technet2.microsoft.com/WindowsServer/en/library/c25dccdf-b91e-4fb1-8846-cd5bcc9bcf0e1033.mspx?mfr=true
http://www.microsoft.com/technet/community/columns/cableguy/cg0404.mspx

You can also create your own radius server with a 3rd party application on an XP box using something like WinRadius:
http://www.itconsult2000.com/en/product/WinRadius.html
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17843474
Thanks Dilan77,
--Rob
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question