RADIUS or WPA2 security mode?

Posted on 2006-10-25
Last Modified: 2013-11-12

I have a query on Wireless security that I was hoping someone could help with.

Most technical journals state that for enterprises/business, WLAN security should comprise of a RADIUS server, PEAP etc. WPA2 is reserved for SOHO.

However, what is the reason for this? Is it because maintaining a passphrase in an enterprise is too much overhead, or actually because the AES encryption used with WPA2 is insecure.

We would like to have a Wireless network in part of our office where there are only about 4-5 people. In this case, building a RADIUS server for such a small amount seems overkill when we can use WPA2 *unless* RADIUS was actually more secure.

We were thinking of a combination of WPA2, MAC address filtering and hiding the SSID, although we realise there are relatively straighforward ways to bypass the last two.

Would be interested to know people's thoughts.

Question by:Dilan77
  • 2
LVL 15

Expert Comment

ID: 17807736
The radius by design is more secure.  But wpa2 is relatively new and fairly secure, for now... but your question about insecure?  Well, let's face NOTHING in the ethernet is SECURE... I don't think anyone is beyond being hacked... you just have to weigh the risks versus costs....
LVL 77

Accepted Solution

Rob Williams earned 250 total points
ID: 17808061
Do you have an existing server to which you can add the radius service?
If you wish to use RRAS and Windows Radius server, it is fairly easy to set up.
-You need to install Radius, on the server of your choice by going to add remove programs | Windows components | Networking services | Internet Authentication Services.
-Once installed open the Internet Authentication Service under Administrative tools. Right click on "Internet Authentication Service" and "choose register service in Active directory".
-Then in the Routing and Remote Access Console, right click on the server name and choose properties, click on Security and then under Authentication Provider choose Radius Authentication in the drop down menu. Next click Configure and add your Radius server.
-In Active Directory Users and computer, under the user's profile, on the dial-in tab, make sure "control access through Remote Access policy" is checked
-Now you can add policies for authentication for your users in your Radius configuration.

The following links may be of some help:

You can also create your own radius server with a 3rd party application on an XP box using something like WinRadius:
LVL 77

Expert Comment

by:Rob Williams
ID: 17843474
Thanks Dilan77,

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question